How severe is CVE-2021-34435?

CVE-2021-34435 has a CVSS v3 score of 8.8 (HIGH).

CVE-2021-34435

Name: theia
Author: eclipse

8.8HIGH

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to t

게시됨: 9/1/2021업데이트됨: 11/21/2024

설명

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file..

AI 분석AI 기반

영향받는 제품

eclipsetheia

참조

https://bugs.eclipse.org/bugs/show_bug.cgi?id=568018
ExploitPatchVendor Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=568018
ExploitPatchVendor Advisory