npm package
@theia/mini-browser
pkg:npm/%40theia/mini-browser
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-34435 | — | | | >= 0.3.9, < 1.9.0 | 1.9.0 | Sep 1, 2021 | In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file. |
| CVE-2019-17636 | — | | | >= 0.3.9, < 0.16.0 | 0.16.0 | Mar 10, 2020 | In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's f |
- CVE-2021-34435 (Sep 1, 2021): affected >= 0.3.9, < 1.9.0; fixed 1.9.0
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file.
- CVE-2019-17636 (Mar 10, 2020): affected >= 0.3.9, < 0.16.0; fixed 0.16.0
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's f