Vaadin Flow-server
11 CVEs affecting Vaadin Flow-server. Latest disclosed: 2023-06-22. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-31407 | High | 8.6 | 2021-04-23 | Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0… |
| CVE-2021-31411 | Medium | 6.3 | 2021-05-05 | Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2)… |
| CVE-2019-25027 | Medium | 6.1 | 2021-04-23 | Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1… |
| CVE-2020-36321 | Medium | 5.9 | 2021-04-23 | Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0… |
| CVE-2023-25499 | Medium | 5.7 | 2023-06-22 | When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 th… |
| CVE-2021-31412 | Medium | 5.3 | 2021-06-24 | Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0… |
| CVE-2021-31406 | Medium | 4.0 | 2021-04-23 | Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6)… |
| CVE-2021-31404 | Medium | 4.0 | 2021-04-23 | Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1… |
| CVE-2020-36319 | Low | 3.1 | 2021-04-23 | Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data… |
| CVE-2018-25007 | Low | 2.6 | 2021-04-23 | Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows a… |
| CVE-2021-33604 | Low | 2.5 | 2021-06-24 | URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaad… |