CVE-2021-33609

CVSS v3.1 4.3 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.08 % (33^th)

Affected Products 1

Advisories 1

Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data.

Weaknesses

CWE-20: Improper Input Validation
CWE-400: Uncontrolled Resource Consumption

CVE Status: PUBLISHED
CNA: Vaadin Ltd.
Published Date: 2021-10-13 11:15:07
(2 years ago)
Updated Date: 2022-10-27 13:03:56
(23 months ago)

Affected Products

Vaadin

Vaadin

Configuration #1

		CPE23	From	Up To
	Vaadin from 8.0.0 version and prior 8.14.1 version	cpe:2.3:a:vaadin:vaadin	>= 8.0.0	< 8.14.1