CVE-2021-41038

Insufficient Verification of Data Authenticity in npm/@theia/mini-browser

Identifiers

CVE-2021-41038

Package Slug

npm/@theia/mini-browser

Vulnerability

Insufficient Verification of Data Authenticity

Description

The @theia/plugin-ext component of Eclipse Theia, Webview contents can be hijacked via postMessage().

Affected Versions

All versions before 1.18.0

Solution

Upgrade to version 1.18.0 or above.

Last Modified

2021-11-15

source