@theia/task@1.26.0-next.34

Theia - Task extension. This extension adds support for executing raw or terminal processes in the backend.

latest version

1.72.3

latest non vulnerable version

1.73.0-next.40

first published

8 years ago

latest version published

12 days ago

licenses detected

(EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0)
>=0.3.12 <0.4.0-next.30302288; >=0.4.0-next.033cd87b <0.4.0-next.0452f917; >=0.4.0-next.04887acb <0.4.0-next.04ffb9fd; >=0.4.0-next.05636b92 <0.4.0-next.05b8a1fe; >=0.4.0-next.07a449af <0.4.0-next.089eacb1; >=0.4.0-next.09095b06 <0.4.0-next.09e1fe31; >=0.4.0-next.0a1bd791 <0.4.0-next.0af15439; >=0.4.0-next.0c4794d1 <0.4.0-next.0cc6469e; >=0.4.0-next.0cdd0667 <0.4.0-next.0ce7265a; >=0.4.0-next.0cf80336 <0.4.0-next.0e178466; >=0.4.0-next.0ea61827 <0.4.0-next.0edd86f0; >=0.4.0-next.0f6d8e0b <0.4.0-next.0f6ff70e; >=0.4.0-next.0f97c9ad <0.4.0-next.0fa6aba7; >=0.4.0-next.100c1417 <0.4.0-next.111cca7b; >=0.4.0-next.11d28271 <0.4.0-next.11e5c508; >=0.4.0-next.11f9f570 <0.4.0-next.1235a62f; >=0.4.0-next.127f9a4b <0.4.0-next.1598b0d2; >=0.4.0-next.15f0b373 <0.4.0-next.166206c2; >=0.4.0-next.166931fc <0.4.0-next.17fc65b3; >=0.4.0-next.1811197f <0.4.0-next.1858829f; >=0.4.0-next.18a0ab39 <0.4.0-next.18a24ac1; >=0.4.0-next.18a37db5 <0.4.0-next.19befe25; >=0.4.0-next.19c8f420 <0.4.0-next.19e7eb3c; >=0.4.0-next.1c202843 <0.4.0-next.1c6a289d; >=0.4.0-next.1ca7db0a <0.4.0-next.1d2c68c3; >=0.4.0-next.1d4138c7 <0.4.0-next.1e0b6bad; >=0.4.0-next.1e2cce94 <0.4.0-next.230e5bd5; >=0.4.0-next.233802d7 <0.4.0-next.23b197c5; >=0.4.0-next.23ee961c <0.4.0-next.241e2548; >=0.4.0-next.24492cf1 <0.4.0-next.247bd65e; >=0.4.0-next.2499ed4a <0.4.0-next.24f19214; >=0.4.0-next.260d7949 <0.4.0-next.26f1e0c3; >=0.4.0-next.26fa9af4 <0.4.0-next.2751e6aa; >=0.4.0-next.28692d8d <0.4.0-next.28e7d95a; >=0.4.0-next.2938631f <0.4.0-next.29e37df1; >=0.4.0-next.2b13972f <0.4.0-next.2bec2948; >=0.4.0-next.2c9cbbe2 <0.4.0-next.2d6d2277; >=0.4.0-next.2dfc8aa1 <0.4.0-next.2f09b173; >=0.4.0-next.2fc36399 <0.4.0-next.30ea65de; >=0.4.0-next.30eaeb02 <0.4.0-next.317ec35d; >=0.4.0-next.31c19d22 <0.4.0-next.3216adc8; >=0.4.0-next.322e9307 <0.4.0-next.3241dd5f; >=0.4.0-next.3302096b <0.4.0-next.33548c4b; >=0.4.0-next.337c62d5 <0.4.0-next.349abbc5; >=0.4.0-next.34e35a90 <0.4.0-next.35acafc8; >=0.4.0-next.35b1a24c <0.4.0-next.39dc16bd; >=0.4.0-next.37497648 <0.4.0-next.46411518; >=0.4.0-next.3a13adae <0.4.0-next.3ad1b934; >=0.4.0-next.3b4c459b <0.4.0-next.3cc63739; >=0.4.0-next.3ce6b1a0 <0.4.0-next.3fa31f9f; >=0.4.0-next.3fbd5e55 <0.4.0-next.40647f8b; >=0.4.0-next.40a32597 <0.4.0-next.421041cf; >=0.4.0-next.4303a25f <0.4.0-next.43a96386; >=0.4.0-next.43b9f5ad <0.4.0-next.4408ac46; >=0.4.0-next.4572886d <0.4.0-next.467603e8; >=0.4.0-next.46973a4e <0.4.0-next.478a49dd; >=0.4.0-next.48aeff5a <0.4.0-next.493701da; >=0.4.0-next.493e319a <0.4.0-next.4996f9be; >=0.4.0-next.49db4e46 <0.4.0-next.4a9d238e; >=0.4.0-next.4b0b09d0 <0.4.0-next.4b43fc42; >=0.4.0-next.4ba93d63 <0.4.0-next.4c18a8a4; >=0.4.0-next.4cc498a1 <0.4.0-next.4ce7eca4; >=0.4.0-next.4deb67ed <0.4.0-next.4df0bc53; >=0.4.0-next.4e1bc9eb <0.4.0-next.4e4003fc; >=0.4.0-next.4eb37604 <0.4.0-next.4f42f169; >=0.4.0-next.4f67b025 <0.4.0-next.504efa41; >=0.4.0-next.508e33c4 <0.4.0-next.50e1faa0; >=0.4.0-next.51010edc <0.4.0-next.51e75fbe; >=0.4.0-next.523426dd <0.4.0-next.53171ed2; >=0.4.0-next.5336443c <0.4.0-next.5508eba5; >=0.4.0-next.55507576 <0.4.0-next.64347695; >=0.4.0-next.558d4b53 <0.4.0-next.55e431bd; >=0.4.0-next.57b8add5 <0.4.0-next.588f4e0e; >=0.4.0-next.5928c2d4 <0.4.0-next.592c54b9; >=0.4.0-next.59408bf8 <0.4.0-next.59a1a3aa; >=0.4.0-next.5a60919f <0.4.0-next.5c36da6a; >=0.4.0-next.5c67bdfe <0.4.0-next.5c83d58f; >=0.4.0-next.5d429ebf <0.4.0-next.5db367f3; >=0.4.0-next.5dc9ba77 <0.4.0-next.5edfd115; >=0.4.0-next.5fc113f8 <0.4.0-next.603f24e2; >=0.4.0-next.603fe22b <0.4.0-next.605397d9; >=0.4.0-next.606bc8c2 <0.4.0-next.609e7d97; >=0.4.0-next.611acf73 <0.4.0-next.651175c2; >=0.4.0-next.6546be8c <0.4.0-next.660fdf43; >=0.4.0-next.662b1838 <0.4.0-next.663b2705; >=0.4.0-next.678b1d9a <0.4.0-next.67e44413; >=0.4.0-next.680c9bd5 <0.4.0-next.681c0580; >=0.4.0-next.68641166 <0.4.0-next.70567252; >=0.4.0-next.6879ee7c <0.4.0-next.6c696aeb; >=0.4.0-next.6cb7b7e5 <0.4.0-next.6eb322b6; >=0.4.0-next.6eb9f735 <0.4.0-next.6ed692a9; >=0.4.0-next.6f079ef6 <0.4.0-next.7039ddf6; >=0.4.0-next.705a376b <0.4.0-next.73aee16d; >=0.4.0-next.73d23a46 <0.4.0-next.73fba768; >=0.4.0-next.74a46e43 <0.4.0-next.750ffc54; >=0.4.0-next.75422c87 <0.4.0-next.76d2d772; >=0.4.0-next.76d871aa <0.4.0-next.77fd859f; >=0.4.0-next.7979da88 <0.4.0-next.7a35e953; >=0.4.0-next.7a6afb5c <0.4.0-next.7ab7987e; >=0.4.0-next.7ad39cb4 <0.4.0-next.7b3e0122; >=0.4.0-next.7bc62190 <0.4.0-next.7bcadff4; >=0.4.0-next.7c4910de <0.4.0-next.7caa4c87; >=0.4.0-next.7cf3ca76 <0.4.0-next.7d3fe0eb; >=0.4.0-next.7d4fcadd <0.4.0-next.7da249dd; >=0.4.0-next.7df95eb5 <0.4.0-next.7e9b2085; >=0.4.0-next.7f0b33d9 <0.4.0-next.81256bed; >=0.4.0-next.80121840 <0.4.0-next.91669125; >=0.4.0-next.815cb57d <0.4.0-next.81cd10ee; >=0.4.0-next.824c6b85 <0.4.0-next.8384ef22; >=0.4.0-next.842196b5 <0.4.0-next.8509100c; >=0.4.0-next.85890fd3 <0.4.0-next.86654a02; >=0.4.0-next.86a6c9ee <0.4.0-next.86e15040; >=0.4.0-next.86ea7fa8 <0.4.0-next.8712381a; >=0.4.0-next.8748b355 <0.4.0-next.898bb34e; >=0.4.0-next.8a8bf17e <0.4.0-next.8ab83bde; >=0.4.0-next.8adf4a6d <0.4.0-next.8cc44ca2; >=0.4.0-next.8d151a6d <0.4.0-next.8e00cb0d; >=0.4.0-next.8ecf40e1 <0.4.0-next.8f9fa512; >=0.4.0-next.9073393e <0.4.0-next.91cb3123; >=0.4.0-next.91e74cc5 <0.4.0-next.920f4e18; >=0.4.0-next.92c64f94 <0.4.0-next.934da162; >=0.4.0-next.93c16bb9 <0.4.0-next.93d9d1d4; >=0.4.0-next.95350428 <0.4.0-next.030ea182; >=0.4.0-next.9555e098 <0.4.0-next.95fa83fb; >=0.4.0-next.96ed159b <0.4.0-next.96f90b8c; >=0.4.0-next.971b4219 <0.4.0-next.9785265d; >=0.4.0-next.979b0f8a <0.4.0-next.97ad79bf; >=0.4.0-next.983e6ea3 <0.4.0-next.98b3cb42; >=0.4.0-next.98edc406 <0.4.0-next.99b3200d; >=0.4.0-next.99ede748 <0.4.0-next.9b2da59a; >=0.4.0-next.9b6cec8f <0.4.0-next.9b95d4f0; >=0.4.0-next.9c293b46 <0.4.0-next.9cfc1f79; >=0.4.0-next.9de18336 <0.4.0-next.9f12e894; >=0.4.0-next.9f6179ba <0.4.0-next.9fc35c5a; >=0.4.0-next.a09db28d <0.4.0-next.a1548603; >=0.4.0-next.a2119bc9 <0.4.0-next.a2df2faf; >=0.4.0-next.a2fa9040 <0.4.0-next.a34acb83; >=0.4.0-next.a37b81d0 <0.4.0-next.a52fab7d; >=0.4.0-next.a5a1683c <0.4.0-next.a62d8eaa; >=0.4.0-next.a821f30a <0.4.0-next.a831a03c; >=0.4.0-next.a83fb710 <0.4.0-next.a84e6fe1; >=0.4.0-next.a88cb19a <0.4.0-next.a949e60b; >=0.4.0-next.a952d071 <0.4.0-next.a9a0fc30; >=0.4.0-next.a9cf7d8d <0.4.0-next.aa7754c9; >=0.4.0-next.aa9a92d2 <0.4.0-next.aadc1f2e; >=0.4.0-next.ab06a80d <0.4.0-next.ab31b869; >=0.4.0-next.ab5596ea <0.4.0-next.ad74d451; >=0.4.0-next.aed44107 <0.4.0-next.aef8737c; >=0.4.0-next.af4501d6 <0.4.0-next.b3b6681a; >=0.4.0-next.b3b678fb <0.4.0-next.b5200df6; >=0.4.0-next.b52900e6 <0.4.0-next.b531e562; >=0.4.0-next.b56b7acd <0.4.0-next.b5bf376f; >=0.4.0-next.b5cc2c7d <0.4.0-next.b6837de0; >=0.4.0-next.b6e09bdf <0.4.0-next.bace685a; >=0.4.0-next.bb90d69b <0.4.0-next.bc19d885; >=0.4.0-next.bc233ddd <0.4.0-next.bdbdecaf; >=0.4.0-next.be33962b <0.4.0-next.bfaa95d4; >=0.4.0-next.c01961fc <0.4.0-next.c145b153; >=0.4.0-next.c1adcdfe <0.4.0-next.c1c24b38; >=0.4.0-next.c2939ab3 <0.4.0-next.c363f004; >=0.4.0-next.c437f7f3 <0.4.0-next.c45b1f60; >=0.4.0-next.c5554c8a <0.4.0-next.c6b28624; >=0.4.0-next.c6b5ae92 <0.4.0-next.c6d140d6; >=0.4.0-next.c79be15e <0.4.0-next.c808c845; >=0.4.0-next.c81c4c1b <0.4.0-next.c87b1127; >=0.4.0-next.c88e7d9b <0.4.0-next.ca5e7962; >=0.4.0-next.cb9fc532 <0.4.0-next.cba64410; >=0.4.0-next.cc239652 <0.4.0-next.cc9ce16f; >=0.4.0-next.cd11b1d3 <0.4.0-next.cd757dbd; >=0.4.0-next.cda47a7f <0.4.0-next.ceec46c9; >=0.4.0-next.cefa1fb2 <0.4.0-next.cf78d0fb; >=0.4.0-next.cfd9fe1c <0.4.0-next.d0f98a65; >=0.4.0-next.d1410f75 <0.4.0-next.d1c2c40e; >=0.4.0-next.d22e6eab <0.4.0-next.d456dc01; >=0.4.0-next.d563b31a <0.4.0-next.d567df7a; >=0.4.0-next.d572d5f3 <0.4.0-next.d856a18f; >=0.4.0-next.d874539b <0.4.0-next.d980c133; >=0.4.0-next.d993c30e <0.4.0-next.da4e14af; >=0.4.0-next.daa7233c <0.4.0-next.daa9cba6; >=0.4.0-next.dacc2a1a <0.4.0-next.db9ee3eb; >=0.4.0-next.dc12d6db <0.4.0-next.dc6ac888; >=0.4.0-next.dcc328c2 <0.4.0-next.de618c7d; >=0.4.0-next.ded32dc6 <0.4.0-next.e0222f81; >=0.4.0-next.e0ccd3ac <0.4.0-next.e20742c8; >=0.4.0-next.e25aa8d6 <0.4.0-next.e2a1915f; >=0.4.0-next.e2b7741f <0.4.0-next.e2e8d9d7; >=0.4.0-next.e2f3ec66 <0.4.0-next.e349656d; >=0.4.0-next.e358acd5 <0.4.0-next.e3814508; >=0.4.0-next.e3837bb2 <0.4.0-next.e3a21dbb; >=0.4.0-next.e3d5e47c <0.4.0-next.e41a77e5; >=0.4.0-next.e420f3bb <0.4.0-next.e44da93d; >=0.4.0-next.e487d1b0 <0.4.0-next.e551f984; >=0.4.0-next.e5863c14 <0.4.0-next.e71caeee; >=0.4.0-next.e7a5cf1c <0.4.0-next.e7eb69fc; >=0.4.0-next.e8646eac <0.4.0-next.e8b0c7c2; >=0.4.0-next.e8dd128c <0.4.0-next.ea050217; >=0.4.0-next.eab60a0e <0.4.0-next.eb1ab0b3; >=0.4.0-next.eb580907 <0.4.0-next.eb8f3a65; >=0.4.0-next.ec57ef56 <0.4.0-next.ec5f7b16; >=0.4.0-next.ecd79892 <0.4.0-next.ee22a16e; >=0.4.0-next.ee64613f <0.4.0-next.ef000bd1; >=0.4.0-next.f030da0c <0.4.0-next.f16e383e; >=0.4.0-next.f25ca1e7 <0.4.0-next.f3f5a7dc; >=0.4.0-next.f3fb3095 <0.4.0-next.f4676b14; >=0.4.0-next.f4ec66a8 <0.4.0-next.f6e320d8; >=0.4.0-next.f6ee123d <0.4.0-next.f7649017; >=0.4.0-next.f846d8bd <0.4.0-next.f98eb08f; >=0.4.0-next.f9ae69d1 <0.4.0-next.fafc0816; >=0.4.0-next.fb14b1a2 <0.4.0-next.fc7080f2; >=0.4.0-next.fce07f87 <0.4.0-next.ff386514; >=0.4.0-next.ffbb7dcf <1.39.0-next.16

View task package health on Snyk (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @theia/task package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Unsafe Dependency Resolution @theia/task is a Theia - Task extension. This extension adds support for executing raw or terminal processes in the backend. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. An attacker can execute arbitrary commands with the user's privileges by crafting a malicious repository that, when cloned and opened, triggers execution of these commands. This can be automatically exploited by sending a message in the AI chat if the workspace settings disable tool confirmation. How to fix Unsafe Dependency Resolution? Upgrade `@theia/task` to version 1.69.0 or higher.	<1.69.0

Unsafe Dependency Resolution

@theia/task is a Theia - Task extension. This extension adds support for executing raw or terminal processes in the backend.

Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. An attacker can execute arbitrary commands with the user's privileges by crafting a malicious repository that, when cloned and opened, triggers execution of these commands. This can be automatically exploited by sending a message in the AI chat if the workspace settings disable tool confirmation.

How to fix Unsafe Dependency Resolution?

Upgrade @theia/task to version 1.69.0 or higher.

<1.69.0

Go back to all versions of this package