Shodan
Vulnerabilities
Vulnerable Software
Eclipse:  >> Theia  >> 0.3.2  Security Vulnerabilities
CVE-2021-41038
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
CVSS Score
6.1
EPSS Score
0.003
Published
2021-11-10
CVE-2021-28161
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-03-12
CVE-2021-28162
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-03-12
CVE-2020-27224
In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code.
CVSS Score
9.6
EPSS Score
0.005
Published
2021-02-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved