Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-17636

In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.4%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.8
Products affected by CVE-2019-17636
  • Eclipse » Theia » Version: 0.10.0
    cpe:2.3:a:eclipse:theia:0.10.0
  • Eclipse » Theia » Version: 0.11.0
    cpe:2.3:a:eclipse:theia:0.11.0
  • Eclipse » Theia » Version: 0.12.0
    cpe:2.3:a:eclipse:theia:0.12.0
  • Eclipse » Theia » Version: 0.13.0
    cpe:2.3:a:eclipse:theia:0.13.0
  • Eclipse » Theia » Version: 0.14.0
    cpe:2.3:a:eclipse:theia:0.14.0
  • Eclipse » Theia » Version: 0.15.0
    cpe:2.3:a:eclipse:theia:0.15.0
  • Eclipse » Theia » Version: 0.3.10
    cpe:2.3:a:eclipse:theia:0.3.10
  • Eclipse » Theia » Version: 0.3.11
    cpe:2.3:a:eclipse:theia:0.3.11
  • Eclipse » Theia » Version: 0.3.12
    cpe:2.3:a:eclipse:theia:0.3.12
  • Eclipse » Theia » Version: 0.3.13
    cpe:2.3:a:eclipse:theia:0.3.13
  • Eclipse » Theia » Version: 0.3.14
    cpe:2.3:a:eclipse:theia:0.3.14
  • Eclipse » Theia » Version: 0.3.15
    cpe:2.3:a:eclipse:theia:0.3.15
  • Eclipse » Theia » Version: 0.3.16
    cpe:2.3:a:eclipse:theia:0.3.16
  • Eclipse » Theia » Version: 0.3.17
    cpe:2.3:a:eclipse:theia:0.3.17
  • Eclipse » Theia » Version: 0.3.18
    cpe:2.3:a:eclipse:theia:0.3.18
  • Eclipse » Theia » Version: 0.3.19
    cpe:2.3:a:eclipse:theia:0.3.19
  • Eclipse » Theia » Version: 0.3.9
    cpe:2.3:a:eclipse:theia:0.3.9
  • Eclipse » Theia » Version: 0.4.0
    cpe:2.3:a:eclipse:theia:0.4.0
  • Eclipse » Theia » Version: 0.5.0
    cpe:2.3:a:eclipse:theia:0.5.0
  • Eclipse » Theia » Version: 0.6.0
    cpe:2.3:a:eclipse:theia:0.6.0
  • Eclipse » Theia » Version: 0.6.1
    cpe:2.3:a:eclipse:theia:0.6.1
  • Eclipse » Theia » Version: 0.7.0
    cpe:2.3:a:eclipse:theia:0.7.0
  • Eclipse » Theia » Version: 0.7.1
    cpe:2.3:a:eclipse:theia:0.7.1
  • Eclipse » Theia » Version: 0.7.2
    cpe:2.3:a:eclipse:theia:0.7.2
  • Eclipse » Theia » Version: 0.8.0
    cpe:2.3:a:eclipse:theia:0.8.0
  • Eclipse » Theia » Version: 0.9.0
    cpe:2.3:a:eclipse:theia:0.9.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved