CVE-2021-41038
N/A
N/A
Summary
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Eclipse Foundation | @theia/plugin-ext | unspecified < 1.18.0 | affected |
Weaknesses
- CWE-940: CWE-940: Improper Verification of Source of a Communication Channel
ADP Enrichment
CVE Program Container
Additional References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=575924
- https://github.com/eclipse-theia/theia/pull/10125
References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=575924
- https://github.com/eclipse-theia/theia/pull/10125
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.