In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade @theia/core to version 1.73.0 or higher.
@theia/core is a the main extension for all Theia-based applications, and provides the main framework for all dependent extensions.
Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the shell-terminal and terminals/:id WebSocket endpoints when origin validation is bypassed due to missing or manipulated headers. An attacker can execute arbitrary operating system commands and access their output by enticing a user to visit a malicious web page while a vulnerable instance is running.