In Eclipse Theia 0.1.1 to 0.2.0, it is practicable to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This prolongation uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default. (CVSS:0.0) (Last Update:2021-09-03)

