CNNVD-202601-4997 Information

CNNVD ID

CNNVD-202601-4997

Related CVE

CVE-2026-1699

• CNNVD Published: 2026-01-30

Description (Chinese)

Eclipse Theia - Website是Eclipse基金会的一个开发环境框架。 Eclipse Theia - Website存在安全漏洞，该漏洞源于GitHub Actions工作流使用pull_request_target触发器执行不受信任的代码，可能导致任意代码执行、凭据泄露和恶意代码推送。

Description (English)

Eclipse Theia-Website is a development environment framework for the Eclipse Foundation. Eclipse Theia-Website has a security loophole, which stems from the use of the put request target trigger by GitHub Actions to execute untrusted codes, which can lead to arbitrary code execution, leaking evidence and malicious code delivery.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Eclipse

Published

2026-01-30

Last Modified

2026-02-24

References

https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/332 https://access.redhat.com/security/cve/cve-2026-1699

Patch

https://github.com/eclipse-theia/theia/releases