CVE-2021-41038 is a vulnerability in Eclipse Theia
Published on November 10, 2021
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
Weakness Type
Improper Verification of Source of a Communication Channel
The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges and access unexpected functionality.
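The check this weakness class lacks, as an added example (not Theia's code and not taken from this advisory): a message receiver that accepts a message only when its origin, sender window and shape all match, next to one that accepts everything. The function names, origins and message types are hypothetical, and the events are constructed objects standing in for browser MessageEvents.

```javascript
// Added illustration: names, origins and message types are hypothetical.
// Unverified receiver: any window holding a reference to this one can drive it.
function naiveGate(event) {
  return { accepted: true, message: event.data };
}

// Verified receiver: origin, sender window and message shape must all match.
function createMessageGate({ trustedOrigin, trustedSource, allowedTypes }) {
  const origin = new URL(trustedOrigin).origin; // normalise once, compare exactly
  const types = new Set(allowedTypes);
  return function gate(event) {
    // Exact string equality only; prefix or substring tests admit lookalikes.
    if (event.origin !== origin) return { accepted: false, reason: 'origin' };
    // The sender must be the window the channel was set up with.
    if (event.source !== trustedSource) return { accepted: false, reason: 'source' };
    const msg = event.data;
    if (msg === null || typeof msg !== 'object' || !types.has(msg.type)) {
      return { accepted: false, reason: 'shape' };
    }
    return { accepted: true, message: msg };
  };
}

// Constructed stand-ins for window references and MessageEvent objects.
const hostWindow = { name: 'host' };
const otherWindow = { name: 'other' };
const gate = createMessageGate({
  trustedOrigin: 'https://ide.example/',
  trustedSource: hostWindow,
  allowedTypes: ['set-content', 'focus'],
});
const sampleEvents = {
  legitimate: { origin: 'https://ide.example', source: hostWindow, data: { type: 'set-content', html: '<p>ok</p>' } },
  foreignOrigin: { origin: 'https://other.example', source: otherWindow, data: { type: 'set-content', html: '<p>x</p>' } },
  lookalike: { origin: 'https://ide.example.other.test', source: otherWindow, data: { type: 'set-content' } },
  wrongSender: { origin: 'https://ide.example', source: otherWindow, data: { type: 'set-content' } },
  unknownType: { origin: 'https://ide.example', source: hostWindow, data: { type: 'eval' } },
};

function runDemo() {
  const out = {};
  for (const [name, ev] of Object.entries(sampleEvents)) {
    out[name] = { naive: naiveGate(ev).accepted, checked: gate(ev) };
  }
  return out;
}
// In a browser: window.addEventListener('message', (e) => { if (gate(e).accepted) { /* handle */ } });
```

A sandboxed frame without `allow-same-origin` reports its origin as the string "null", so for such senders the `source` comparison carries the check.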
Affected Versions
The Eclipse Foundation @theia/plugin-ext: versions below 1.18.0 are affected (lower bound unspecified).
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.