CVE-2021-41038

eclipse-theia/theia

on github

Published

November 10, 2021

Severity

CVSS v3:

6.1 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().

References

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:eclipse:theia::::::::	n/a	1.18.0	*

External Links

NVD - CVE-2021-41038