CVE-2021-34435

Exposure of Resource to Wrong Sphere in npm/@theia/mini-browser

Identifier

CVE-2021-34435

Package Slug

npm/@theia/mini-browser

Vulnerability

Exposure of Resource to Wrong Sphere

Description

In Eclipse Theia 0.3.9 to 1.8.1, the mini-browser extension allows a user to preview HTML files in an iframe inside the IDE. Because of the way the preview is implemented, a previewed HTML file can trigger remote code execution (RCE). The exploit only happens if a user previews a malicious file.

Affected Versions

All versions starting from 0.3.9 up to 1.8.1

Solution

Upgrade to version 1.9.0 or above.

Last Modified

2021-09-10
