pkg:maven/com.vaadin/flow-server

Type maven
Namespace com.vaadin
Name flow-server

Known advisories, vulnerabilities and fixes for com.vaadin/flow-server package.

Repository
https://mvnrepository.com/artifact/com.vaadin/flow-server
High 1
Moderate 7
Low 4
Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published
Affected | >= 1.2.0, <= 2.4.7; = 6.0.0 | maven | CVE-2021-31407 | MAVEN:GHSA-25XC-JWFQ-39JW | OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure | high | 2021-04-19T14:50:49 (3 years ago)
Fixed | = 2.4.8; = 6.0.1 | maven | CVE-2021-31407 | MAVEN:GHSA-25XC-JWFQ-39JW | OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure | high | 2021-04-19T14:50:49 (3 years ago)
Affected | >= 2.0.0, < 2.4.2; >= 3.0.0, < 5.0.0 | maven | CVE-2020-36321 | MAVEN:GHSA-49R2-73M6-PP8F | Directory traversal in development mode handler in Vaadin 14 and 15-17 | moderate | 2021-04-19T14:51:58 (3 years ago)
Fixed | = 2.4.2; = 5.0.0 | maven | CVE-2020-36321 | MAVEN:GHSA-49R2-73M6-PP8F | Directory traversal in development mode handler in Vaadin 14 and 15-17 | moderate | 2021-04-19T14:51:58 (3 years ago)
Affected | >= 24.1.0.alpha1, < 24.1.0; >= 24.0.0, < 24.0.8; >= 23.0.0, < 23.3.11; >= 3.0.0, < 9.1.1; >= 1.1.0, < 2.8.10; >= 1.0.0, < 1.0.20 | maven | CVE-2023-25499 | MAVEN:GHSA-5F9V-MV5G-JH5Q | Vaadin vulnerable to possible information disclosure in non visible components. | moderate | 2023-06-22T20:01:11 (15 months ago)
Fixed | = 24.1.0; = 24.0.8; = 23.3.11; = 9.1.1; = 2.8.10; = 1.0.20 | maven | CVE-2023-25499 | MAVEN:GHSA-5F9V-MV5G-JH5Q | Vaadin vulnerable to possible information disclosure in non visible components. | moderate | 2023-06-22T20:01:11 (15 months ago)
Affected | >= 3.0.0, <= 6.0.9; >= 2.0.0, <= 2.6.1 | maven | | MAVEN:GHSA-8VFW-V2JV-9HWC | Reflected cross-site scripting in development mode handler in Vaadin | low | 2021-06-28T16:52:45 (3 years ago)
Fixed | = 6.0.10; = 2.6.2 | maven | | MAVEN:GHSA-8VFW-V2JV-9HWC | Reflected cross-site scripting in development mode handler in Vaadin | low | 2021-06-28T16:52:45 (3 years ago)
Affected | >= 3.0.0, <= 6.0.5; >= 2.0.9, <= 2.5.2 | maven | | MAVEN:GHSA-C57F-4VP2-JQHM | Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19 | moderate | 2021-05-06T15:27:04 (3 years ago)
Fixed | = 6.0.6; = 2.5.3 | maven | | MAVEN:GHSA-C57F-4VP2-JQHM | Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19 | moderate | 2021-05-06T15:27:04 (3 years ago)
Affected | >= 24.1.alpha1, < 24.1.0; >= 24.0.0, < 24.0.9; >= 23.0.0, < 23.3.13; >= 3.0.0, < 9.1.2; >= 1.1.0, < 2.9.3; >= 1.0.0, < 1.0.21 | maven | CVE-2023-25500 | MAVEN:GHSA-CH48-9R3Q-PV7X | Vaadin vulnerable to possible information disclosure of class and method names in RPC response | low | 2023-06-22T20:01:03 (15 months ago)
Fixed | = 24.1.0; = 24.0.9; = 23.3.13; = 9.1.2; = 2.9.3; = 1.0.21 | maven | CVE-2023-25500 | MAVEN:GHSA-CH48-9R3Q-PV7X | Vaadin vulnerable to possible information disclosure of class and method names in RPC response | low | 2023-06-22T20:01:03 (15 months ago)
Affected | >= 3.0.0, < 6.0.10; >= 1.1.0, < 2.6.2; >= 1.0.0, < 1.0.15 | maven | | MAVEN:GHSA-FR26-QJC8-MVJX | Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19 | moderate | 2021-10-13T18:56:12 (2 years ago)
Fixed | = 6.0.10; = 2.6.2; = 1.0.15 | maven | | MAVEN:GHSA-FR26-QJC8-MVJX | Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19 | moderate | 2021-10-13T18:56:12 (2 years ago)
Affected | >= 1.0.0, <= 1.0.5 | maven | CVE-2018-25007 | MAVEN:GHSA-JMX8-355M-8VWH | Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 | low | 2021-04-19T14:53:09 (3 years ago)
Fixed | = 1.0.6 | maven | CVE-2018-25007 | MAVEN:GHSA-JMX8-355M-8VWH | Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 | low | 2021-04-19T14:53:09 (3 years ago)
Affected | = 6.0.0; >= 3.0.0, < 5.0.4 | maven | CVE-2021-31406 | MAVEN:GHSA-P7JQ-V8JP-J424 | Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 | moderate | 2021-04-19T14:50:38 (3 years ago)
Fixed | = 6.0.1; = 5.0.4 | maven | CVE-2021-31406 | MAVEN:GHSA-P7JQ-V8JP-J424 | Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 | moderate | 2021-04-19T14:50:38 (3 years ago)
Affected | >= 3.0.0, < 3.0.6 | maven | CVE-2020-36319 | MAVEN:GHSA-RJWW-2X8V-M9V9 | Potential sensitive data exposure in applications using Vaadin 15 | low | 2021-04-19T14:52:14 (3 years ago)
Fixed | = 3.0.6 | maven | CVE-2020-36319 | MAVEN:GHSA-RJWW-2X8V-M9V9 | Potential sensitive data exposure in applications using Vaadin 15 | low | 2021-04-19T14:52:14 (3 years ago)
Affected | >= 1.1.0, < 1.4.3; >= 1.0.0, < 1.0.11 | maven | CVE-2019-25027 | MAVEN:GHSA-RP4X-WXQV-CF9M | Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13 | moderate | 2021-04-19T14:52:29 (3 years ago)
Fixed | = 1.4.3; = 1.0.11 | maven | CVE-2019-25027 | MAVEN:GHSA-RP4X-WXQV-CF9M | Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13 | moderate | 2021-04-19T14:52:29 (3 years ago)
Affected | >= 3.0.0, < 5.0.3; >= 1.1.0, < 2.4.7; >= 1.0.0, < 1.0.14 | maven | CVE-2021-31404 | MAVEN:GHSA-XWG3-QRCG-W9X6 | Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 | moderate | 2021-04-19T14:51:25 (3 years ago)
Fixed | = 5.0.3; = 2.4.7; = 1.0.14 | maven | CVE-2021-31404 | MAVEN:GHSA-XWG3-QRCG-W9X6 | Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 | moderate | 2021-04-19T14:51:25 (3 years ago)