@theia/debug@1.1.0-next.a62a6b92

Theia - Debug Extension

latest version

1.72.3

latest non vulnerable version

1.73.0-next.40

first published

7 years ago

latest version published

11 days ago

licenses detected

(EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0)
>=0.3.15 <0.4.0-next.00e8c09d; >=0.4.0-next.01667bab <0.4.0-next.1811197f; >=0.4.0-next.18a0ab39 <0.4.0-next.18a37db5; >=0.4.0-next.18ae9022 <0.4.0-next.1cd91cb5; >=0.4.0-next.1d0fb3fc <0.4.0-next.1f81f4df; >=0.4.0-next.1fa90b0c <0.4.0-next.2938631f; >=0.4.0-next.293a122d <0.4.0-next.3525c2d6; >=0.4.0-next.35b1a24c <0.4.0-next.3ce6b1a0; >=0.4.0-next.3d0eb0df <0.4.0-next.64f622bf; >=0.4.0-next.662b1838 <0.4.0-next.75422c87; >=0.4.0-next.75f3bc0a <0.4.0-next.7a6afb5c; >=0.4.0-next.7aacbccb <0.4.0-next.7bc62190; >=0.4.0-next.7c4910de <0.4.0-next.7e23fd07; >=0.4.0-next.7e49f878 <0.4.0-next.815cb57d; >=0.4.0-next.817a0ab5 <0.4.0-next.82c6bb9e; >=0.4.0-next.831ad927 <0.4.0-next.86ea7fa8; >=0.4.0-next.874a9ed4 <0.4.0-next.89893c3a; >=0.4.0-next.8afea874 <0.4.0-next.8bf6a832; >=0.4.0-next.8c05cf32 <0.4.0-next.8d31c72f; >=0.4.0-next.8d548c85 <0.4.0-next.92ddfa43; >=0.4.0-next.93c16bb9 <0.4.0-next.975efc68; >=0.4.0-next.9769f7f1 <0.4.0-next.99a39fe2; >=0.4.0-next.99ede748 <0.4.0-next.9e404d07; >=0.4.0-next.9f6179ba <0.4.0-next.a60da1d1; >=0.4.0-next.a83fb710 <0.4.0-next.aa9a92d2; >=0.4.0-next.ab06a80d <0.4.0-next.af6e82af; >=0.4.0-next.b0064648 <0.4.0-next.bd75bde1; >=0.4.0-next.bd785801 <0.4.0-next.c141bc04; >=0.4.0-next.c2939ab3 <0.4.0-next.c437f7f3; >=0.4.0-next.c559850c <0.4.0-next.ca5aa507; >=0.4.0-next.cb9fc532 <0.4.0-next.cf6f36c0; >=0.4.0-next.cfd9fe1c <0.4.0-next.d3a01c9c; >=0.4.0-next.d40e3ddf <0.4.0-next.d572d5f3; >=0.4.0-next.d5f82c77 <0.4.0-next.d656a7ab; >=0.4.0-next.d711f201 <0.4.0-next.e695568f; >=0.4.0-next.e6977a73 <0.4.0-next.f3fb3095; >=0.4.0-next.f4ec66a8 <0.4.0-next.f5021b96; >=0.4.0-next.f54fc5c6 <0.4.0-next.f9048f12; >=0.4.0-next.f93d2811 <0.4.0-next.f9db5dde; >=0.4.0-next.fa5810fb <0.4.0-next.fce07f87; >=0.4.0-next.fd9dfcaa <0.4.0-next.fdbb533a; >=0.4.0-next.fed4e73b <1.39.0-next.16

View debug package health on Snyk (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @theia/debug package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Unsafe Dependency Resolution @theia/debug is a Theia - Debug Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. An attacker can execute arbitrary commands with the user's privileges by crafting a malicious repository that, when cloned and opened, triggers execution of these commands. This can be automatically exploited by sending a message in the AI chat if the workspace settings disable tool confirmation. How to fix Unsafe Dependency Resolution? Upgrade `@theia/debug` to version 1.69.0 or higher.	<1.69.0

Unsafe Dependency Resolution

@theia/debug is a Theia - Debug Extension

Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. An attacker can execute arbitrary commands with the user's privileges by crafting a malicious repository that, when cloned and opened, triggers execution of these commands. This can be automatically exploited by sending a message in the AI chat if the workspace settings disable tool confirmation.

How to fix Unsafe Dependency Resolution?

Upgrade @theia/debug to version 1.69.0 or higher.

<1.69.0

Go back to all versions of this package