How severe is CVE-2021-34435?

CVE-2021-34435 has a CVSS v3 score of 8.8 (HIGH).

CVE-2021-34435

Name: theia
Author: eclipse

8.8HIGH

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to t

发布于: 9/1/2021更新于: 11/21/2024

描述

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file..

AI分析AI驱动

受影响产品

eclipsetheia

参考资料

https://bugs.eclipse.org/bugs/show_bug.cgi?id=568018
ExploitPatchVendor Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=568018
ExploitPatchVendor Advisory