How severe is CVE-2021-34435?

CVE-2021-34435 has a CVSS v3 score of 8.8 (HIGH).

CVE-2021-34435

Name: theia
Author: eclipse

8.8HIGH

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to t

Published: 9/1/2021Updated: 11/21/2024

Description

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file..

AI AnalysisPowered by AI

Affected Products

eclipsetheia

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=568018
ExploitPatchVendor Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=568018
ExploitPatchVendor Advisory