Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40theia/messages@0.4.0-next.c87b1127

Type npm

Namespace @theia

Name messages

Version 0.4.0-next.c87b1127

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.0.0

Latest_non_vulnerable_version 1.0.0

Affected_by_vulnerabilities

url VCID-dzh9-83r1-97c4

vulnerability_id VCID-dzh9-83r1-97c4

summary

Inclusion of Functionality from Untrusted Control Sphere
In Eclipse Theia versions up to and including, in the notification messages there is no HTML escaping, so Javascript code can run.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-28162

reference_id

reference_type

scores

value	0.00172
scoring_system	epss
scoring_elements	0.3828
published_at	2026-06-04T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38324
published_at	2026-06-09T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38314
published_at	2026-06-08T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38343
published_at	2026-06-07T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38371
published_at	2026-06-06T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38368
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-28162

reference_url

https://github.com/eclipse-theia/theia/blob/master/CHANGELOG.md#v100---26032020

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse-theia/theia/blob/master/CHANGELOG.md#v100---26032020

reference_url

https://github.com/eclipse-theia/theia/issues/7283

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse-theia/theia/issues/7283

reference_url

https://github.com/eclipse-theia/theia/pull/7289

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse-theia/theia/pull/7289

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-28162

reference_id

CVE-2021-28162

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-28162

reference_url

https://github.com/advisories/GHSA-c94v-8fff-73ph

reference_id

GHSA-c94v-8fff-73ph

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c94v-8fff-73ph

fixed_packages

url	pkg:npm/%40theia/messages@1.0.0
purl	pkg:npm/%40theia/messages@1.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540theia/messages@1.0.0

aliases CVE-2021-28162, GHSA-c94v-8fff-73ph

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzh9-83r1-97c4

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540theia/messages@0.4.0-next.c87b1127

Package Instance