CVE-2021-41038

Summary

In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().

Affected Software

VendorProductVersion RangeStatus
The Eclipse Foundation@theia/plugin-extunspecified < 1.18.0affected

Weaknesses

  • CWE-940: CWE-940: Improper Verification of Source of a Communication Channel

ADP Enrichment

CVE Program Container

Additional References

References