CVE-2021-41038

CVE-2021-41038

Vendor The Eclipse Foundation
Product @theia/plugin-ext
Weakness CWE-940
Published November 10, 2021
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().

Key dates

02Disclosure timeline

November 10, 2021 CVE published
August 4, 2024 Record updated