Description
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is “Mini-Browser”, published as “@theia/mini-browser” on npmjs.com.
Recommendation
Update the @theia/mini-browser package to the latest compatible version. Followings are version details:
- Affected version(s): >= 0.3.9, < 0.16.0
- Patched version(s): 0.16.0
References
Related Issues
- Remote code execution in Eclipse Theia - CVE-2021-34435
- Cross-site Scripting (XSS) in Eclipse Theia - CVE-2020-27224
- Improper Verification of Communication Channel in @theia/plugin-ext - CVE-2021-41038
- Deserialization of Untrusted Data in bson (GHSA-4jwp-vfvf-657p) - CVE-2019-2391
- Tags:
- npm
- @theia/mini-browser
Anything's wrong? Let us know Last updated on February 01, 2023