Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file..
CVSS Information
N/A
Vulnerability Type
过度许可的跨域白名单
Vulnerability Title
Eclipse Theia 访问控制错误漏洞
Vulnerability Description
Eclipse Theia是Eclipse基金会的一套基于Visual Studio Code的用于桌面和Web应用程序的开源集成开发环境框架。 Eclipse Theia 0.3.9到1.8.1版本存在访问控制错误漏洞,该漏洞源于“mini-browser”扩展允许用户在IDE内的iframe中预览HTML文件。攻击者可利用该漏洞通过预览的HTML文件触发远程代码执行RCE。此漏洞仅在用户预览恶意文件时发生
CVSS Information
N/A
Vulnerability Type
N/A