CVE-2021-28161: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

April 13, 2021

In Eclipse Theia versions up to and including, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.

References

github.com/advisories/GHSA-cwg9-c9cr-p5fq
github.com/eclipse-theia/theia/issues/8794
nvd.nist.gov/vuln/detail/CVE-2021-28161

Detect and mitigate CVE-2021-28161 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →