CVE-2021-41038
on github
Published
Severity
CVSS v3:
6.1 MEDIUM
CVSS v2:
4.3 MEDIUM
Description
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:eclipse:theia:*:*:*:*:*:*:*:* | n/a | 1.18.0 | * |