In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: eclipse
Published: 2021-11-10T17:05:11
Updated: 2024-08-04T02:59:30.930Z
Reserved: 2021-09-13T00:00:00
Link: CVE-2021-41038
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-11-10T17:15:11.170
Modified: 2021-11-13T03:57:06.957
Link: CVE-2021-41038
Redhat
No data.