Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3ZzktYzljci1wNWZx
Improper Neutralization of Input in Theia console
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.
Permalink: https://github.com/advisories/GHSA-cwg9-c9cr-p5fqJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3ZzktYzljci1wNWZx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 8 months ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-cwg9-c9cr-p5fq, CVE-2021-28161
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-28161
- https://github.com/eclipse-theia/theia/issues/8794
- https://github.com/advisories/GHSA-cwg9-c9cr-p5fq
Affected Packages
npm:@theia/console
Versions: < 1.8.1Fixed in: 1.8.1