Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.
CVSS Information
N/A
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
Eclipse Theia 数据伪造问题漏洞
Vulnerability Description
Eclipse Theia是Eclipse基金会的一套基于Visual Studio Code的用于桌面和Web应用程序的开源集成开发环境框架。 Eclipse Theia 0.3.9版本至0.15.0版本中存在数据伪造问题漏洞。远程攻击者可利用该漏洞读取主机文件系统上所指定路径下的文件内容。
CVSS Information
N/A
Vulnerability Type
N/A