History: Sep 02, 2021 - 8:55 p.m.

CVE-2021-34436

2021-09-02 20:55:10
CWE-22
CWE-611
eclipse
www.cve.org
cve-2021-34436
eclipse theia
remote code execution
xml extension
lsp4xml
lemminx

AI Score: 9.9 (Confidence: High)

EPSS: 0.005 (Percentile: 76.8%)

In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default.

CNA Affected

[
  {
    "product": "Eclipse Theia",
    "vendor": "The Eclipse Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "0.1.1"
      },
      {
        "status": "affected",
        "version": "0.1.2"
      },
      {
        "status": "affected",
        "version": "0.2.0-next.28bc2735"
      },
      {
        "status": "affected",
        "version": "0.2.0-next.41406d98"
      },
      {
        "status": "affected",
        "version": "0.2.0-next.a2958907"
      }
    ]
  }
]
