Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default.
CVSS Information
N/A
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Eclipse Theia 代码问题漏洞
Vulnerability Description
Eclipse Theia是Eclipse基金会的一套基于Visual Studio Code的用于桌面和Web应用程序的开源集成开发环境框架。 Eclipse Theia 0.1.1至0.2.0版本存在安全漏洞,攻击者可以利用默认构建通过 theia-xml-extension 获取远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A