Lucene search
K
EclipseTheia

11 matches found

CVE
CVE
added 2021/03/12 9:40 p.m.77 views

CVE-2021-28161

The CVE-2021-28161 entry concerns Eclipse Theia prior to or including version 1.8.0, where the debug console does not escape HTML. This lack of escaping enables injection of arbitrary JavaScript code through the console, constituting a cross-site scripting risk. The vulnerability is tied to Theia...

6.1CVSS6.3AI score0.00708EPSS
CVE
CVE
added 2021/03/12 9:40 p.m.75 views

CVE-2021-28162

The vulnerability CVE-2021-28162 affects Eclipse Theia

6.1CVSS6.2AI score0.00776EPSS
CVE
CVE
added 2021/09/01 5:20 p.m.63 views

CVE-2021-34435

In Eclipse Theia, versions 0.3.9 through 1.8.1 are affected by a vulnerability in the built-in mini-browser extension that previews HTML files in an iframe inside the IDE. The issue arises from how the preview rendering is implemented, enabling a maliciously crafted HTML file viewed in the iframe...

8.8CVSS8.5AI score0.00595EPSS
CVE
CVE
added 2021/11/10 5:5 p.m.58 views

CVE-2021-41038

The CVE-2021-41038 entry concerns the @theia/plugin-ext component of Eclipse Theia (pre-1.18.0). The issue is that Webview contents can be hijacked via postMessage(), caused by improper verification of the communication channel. This mode of exploitation could expose or modify Webview content dep...

6.1CVSS6.1AI score0.00713EPSS
CVE
CVE
added 2020/03/10 2:30 p.m.54 views

CVE-2019-17636

The CVE-2019-17636 entry concerns Eclipse Theia (versions 0.3.9–0.15.0) where the default pre-packaged extension @theia/mini-browser exposes an HTTP endpoint to read arbitrary host filesystem files by path. The described flaw allows remote exploitation via DNS rebinding or drive-by download, enab...

8.1CVSS7.8AI score0.00586EPSS
CVE
CVE
added 2021/02/24 4:40 p.m.53 views

CVE-2020-27224

The CVE-2020-27224 entry affects Eclipse Theia up to version 1.2.0, specifically the Markdown Preview module (@theia/preview). The issue enables arbitrary code execution due to a failure in how external data is processed during code segment construction in the Markdown Preview, leading to a code ...

9.6CVSS9.5AI score0.02352EPSS
CVE
CVE
added 2021/09/02 8:55 p.m.50 views

CVE-2021-34436

The CVE affects Eclipse Theia 0.1.1–0.2.0, where the default build loads the theia-xml-extension (using lsp4xml, recently renamed LemMinX) to provide XML language support. This extension is installed by default, enabling remote code execution and XXE via the XML support component. Connected docum...

9.8CVSS9.7AI score0.02223EPSS
CVE
CVE
added 2026/06/18 2:35 p.m.23 views

CVE-2026-44691

CVE-2026-44691 affects Eclipse Theia versions before 1.69.0. The issue arises when custom task definitions in workspace files (e.g., .theia/tasks.json, .vscode/tasks.json) can be executed without workspace trust, potentially enabling arbitrary commands to run with the user’s privileges if a malic...

8.8CVSS5.8AI score0.00231EPSS
CVE
CVE
added 2026/06/18 2:26 p.m.17 views

CVE-2026-46580

Theia before v1.71.0 loads files matching .prompts/*.prompttemplate from a workspace, allowing attacker-controlled content to override the AI agent’s system prompts (indirect prompt injection). This enables attack chains with untrusted workspaces, potentially causing data exfiltration via Markdow...

8.8CVSS5.7AI score0.00272EPSS
CVE
CVE
added 2026/06/18 2:22 p.m.16 views

CVE-2026-44688

The vulnerability CVE-2026-44688 affects Eclipse Theia versions prior to 1.71.0. The AI chat agent processes workspace file and directory names as part of its prompt context without distinguishing them from system instructions, enabling indirect prompt injection when an attacker uses adversarial ...

8.8CVSS5.7AI score0.00272EPSS
CVE
CVE
added 2026/06/18 2:32 p.m.15 views

CVE-2026-22551

Eclipse Theia versions before 1.71.0 are affected: the AI chat could render Markdown image tags from AI responses, causing HTTP requests to arbitrary external URLs. In combination with a malicious workspace via prompt injection, an attacker could coax the AI agent to construct image URLs that lea...

6.7CVSS5.5AI score0.00181EPSS