Closed Sharyie closed 1 year ago
Hello, are there any plans to fix this vuln?
@Sharyie This will be fixed with the next electron dependency upgrade, see also https://github.com/eclipse-theia/theia/issues/12855. Note that the risk of this vulnerability is pretty minor in Theia - it would require the use of a malicious vscode extension or manually loading a malicious webpage through the in-app browser.
Thanks. Note that the secure electron version of 25.x.y is 25.8.4 and later.
electron was affected by a vuln (refer to CVE-2023-4863), and electron has been upgraded to fix it and has released secure editions.
electron-mocha depends on electron, and has released a new version, 12.1.0, which upgraded electron to a secure edition.
theia depends on electron-mocha 11.0.x, so could you please release a new version that upgrades electron-mocha to 12.1.0 to fix the vuln?