eclipse-theia/theia

eclipse-theia/theia

Releases181

Frequency2 weeks 4 days

Last Release about 16 hours ago

Stars21.6K

Eclipse Theia is a cloud & desktop IDE framework implemented in TypeScript.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-41038 ↗	Nov 10, 2021Wednesday, 10 November 2021, 17:15	6.1 MEDIUM	4.3 MEDIUM
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
CVE-2021-28161 ↗	Mar 12, 2021Friday, 12 March 2021, 22:15	6.1 MEDIUM	4.3 MEDIUM
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.
CVE-2021-28162 ↗	Mar 12, 2021Friday, 12 March 2021, 22:15	6.1 MEDIUM	4.3 MEDIUM
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.
CVE-2020-27224 ↗	Feb 24, 2021Wednesday, 24 February 2021, 17:15	9.6 CRITICAL	9.3 HIGH
In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code.