pkg:maven/com.vaadin/vaadin-bom
Type
maven
Namespace
com.vaadin
Name
vaadin-bom
Known advisories, vulnerabilities and fixes for com.vaadin/vaadin-bom package.
High
5
Moderate
10
Low
3
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 15.0.0, < 17.0.11 >= 14.0.6, < 14.4.4 |
CVE-2021-31405
|
 MAVEN:GHSA-2WQP-JMCC-MC77
|
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17 | high |
2021-04-19T14:47:34
(3 years ago) |
|
| Fixed | = 17.0.11 = 14.4.4 |
CVE-2021-31405
|
MAVEN:GHSA-2WQP-JMCC-MC77
|
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17 | high |
2021-04-19T14:47:34
(3 years ago) |
|
| Affected | >= 11.0.0, < 11.0.3 >= 10.0.0, < 10.0.8 |
MAVEN:GHSA-3H5R-928V-MXHH
|
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 | low |
2021-04-19T14:49:13
(3 years ago) |
||
| Fixed | = 11.0.3 = 10.0.8 |
MAVEN:GHSA-3H5R-928V-MXHH
|
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 | low |
2021-04-19T14:49:13
(3 years ago) |
||
| Affected | >= 7.0.0, < 7.7.22 |
CVE-2020-36320
|
MAVEN:GHSA-42J4-733X-5VCF
|
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7 | high |
2021-04-19T14:49:32
(3 years ago) |
|
| Fixed | = 7.7.22 |
CVE-2020-36320
|
MAVEN:GHSA-42J4-733X-5VCF
|
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7 | high |
2021-04-19T14:49:32
(3 years ago) |
|
| Affected | >= 8.0.0, < 8.12.3 >= 7.0.0, < 7.7.24 |
CVE-2021-31403
|
MAVEN:GHSA-75XC-QVXH-27F8
|
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 | moderate |
2021-04-19T14:51:06
(3 years ago) |
|
| Fixed | = 8.12.3 = 7.7.24 |
CVE-2021-31403
|
MAVEN:GHSA-75XC-QVXH-27F8
|
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 | moderate |
2021-04-19T14:51:06
(3 years ago) |
|
| Affected | >= 15.0.0, < 15.0.5 |
MAVEN:GHSA-76F4-FW33-6J2V
|
Potential sensitive data exposure in applications using Vaadin 15 | low |
2021-04-19T14:48:26
(3 years ago) |
||
| Fixed | = 15.0.5 |
MAVEN:GHSA-76F4-FW33-6J2V
|
Potential sensitive data exposure in applications using Vaadin 15 | low |
2021-04-19T14:48:26
(3 years ago) |
||
| Affected | >= 15.0.0, < 18.0.0 >= 14.0.0, < 14.4.3 |
MAVEN:GHSA-82MF-MMH7-HXP5
|
Directory traversal in development mode handler in Vaadin 14 and 15-17 | moderate |
2021-04-19T14:48:15
(3 years ago) |
||
| Fixed | = 18.0.0 = 14.4.3 |
MAVEN:GHSA-82MF-MMH7-HXP5
|
Directory traversal in development mode handler in Vaadin 14 and 15-17 | moderate |
2021-04-19T14:48:15
(3 years ago) |
||
| Affected | >= 14.0.0, <= 14.4.4 |
CVE-2021-33611
|
MAVEN:GHSA-93C4-VF86-3RJ7
|
Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14 | moderate |
2021-11-03T17:33:32
(2 years ago) |
|
| Fixed | = 14.4.5 |
CVE-2021-33611
|
MAVEN:GHSA-93C4-VF86-3RJ7
|
Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14 | moderate |
2021-11-03T17:33:32
(2 years ago) |
|
| Affected | >= 15.0.0, < 18.0.7 = 19.0.0 |
MAVEN:GHSA-9H6G-6MXG-VVP4
|
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 | moderate |
2021-04-19T14:47:18
(3 years ago) |
||
| Fixed | = 18.0.7 = 19.0.1 |
MAVEN:GHSA-9H6G-6MXG-VVP4
|
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 | moderate |
2021-04-19T14:47:18
(3 years ago) |
||
| Affected | >= 15.0.0, < 18.0.6 >= 11.0.0, < 14.4.7 >= 10.0.0, < 10.0.17 |
MAVEN:GHSA-C6C4-7X48-4CQP
|
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 | moderate |
2021-04-19T14:47:47
(3 years ago) |
||
| Fixed | = 18.0.6 = 14.4.7 = 10.0.17 |
MAVEN:GHSA-C6C4-7X48-4CQP
|
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 | moderate |
2021-04-19T14:47:47
(3 years ago) |
||
| Affected | >= 15.0.0, <= 19.0.8 >= 14.0.0, <= 14.6.1 |
CVE-2021-33604
|
MAVEN:GHSA-C99R-67X4-WHJ6
|
Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19 | low |
2021-06-28T16:56:07
(3 years ago) |
|
| Fixed | = 19.0.9 = 14.6.2 |
CVE-2021-33604
|
MAVEN:GHSA-C99R-67X4-WHJ6
|
Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19 | low |
2021-06-28T16:56:07
(3 years ago) |
|
| Affected | >= 15.0.0, < 20.0.6 >= 12.0.0, < 14.6.8 |
MAVEN:GHSA-HW7R-QRHP-5PFF
|
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20 | moderate |
2021-08-30T16:16:46
(3 years ago) |
||
| Fixed | = 20.0.6 = 14.6.8 |
MAVEN:GHSA-HW7R-QRHP-5PFF
|
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20 | moderate |
2021-08-30T16:16:46
(3 years ago) |
||
| Affected | = 19.0.0 >= 12.0.0, < 14.4.10 |
MAVEN:GHSA-J9WR-49VQ-RM5G
|
Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19 | high |
2021-04-19T14:46:49
(3 years ago) |
||
| Fixed | = 19.0.1 = 14.4.10 |
MAVEN:GHSA-J9WR-49VQ-RM5G
|
Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19 | high |
2021-04-19T14:46:49
(3 years ago) |
||
| Affected | >= 8.0.0, <= 8.12.4 |
MAVEN:GHSA-JFMF-W293-8XR8
|
Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8 | high |
2021-10-13T18:55:52
(2 years ago) |
||
| Fixed | = 8.13.0 |
MAVEN:GHSA-JFMF-W293-8XR8
|
Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8 | high |
2021-10-13T18:55:52
(2 years ago) |
||
| Affected | >= 11.0.0, < 13.0.6 >= 10.0.0, < 10.0.14 |
MAVEN:GHSA-JQJ4-R483-4GVR
|
Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13 | moderate |
2021-04-19T14:48:51
(3 years ago) |
||
| Fixed | = 13.0.6 = 10.0.14 |
MAVEN:GHSA-JQJ4-R483-4GVR
|
Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13 | moderate |
2021-04-19T14:48:51
(3 years ago) |
||
| Affected | >= 18.0.0, < 19.0.4 |
CVE-2021-31408
|
MAVEN:GHSA-MR8H-J9CV-4M8H
|
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 | moderate |
2021-04-22T16:11:17
(3 years ago) |
|
| Fixed | = 19.0.4 |
CVE-2021-31408
|
MAVEN:GHSA-MR8H-J9CV-4M8H
|
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 | moderate |
2021-04-22T16:11:17
(3 years ago) |
|
| Affected | >= 15.0.0, <= 19.0.2 >= 14.0.3, <= 14.5.2 |
CVE-2021-31411
|
MAVEN:GHSA-P826-8VHQ-H439
|
Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19 | high |
2021-05-06T15:27:12
(3 years ago) |
|
| Fixed | = 19.0.5 = 14.5.3 |
CVE-2021-31411
|
MAVEN:GHSA-P826-8VHQ-H439
|
Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19 | high |
2021-05-06T15:27:12
(3 years ago) |
|
| Affected | >= 8.0.0, < 8.8.5 >= 7.4.0, < 7.7.20 |
CVE-2019-25028
|
MAVEN:GHSA-Q74R-4XW3-PPX9
|
Stored cross-site scripting in Grid component in Vaadin 7 and 8 | moderate |
2021-04-19T14:49:48
(3 years ago) |
|
| Fixed | = 8.8.5 = 7.7.20 |
CVE-2019-25028
|
MAVEN:GHSA-Q74R-4XW3-PPX9
|
Stored cross-site scripting in Grid component in Vaadin 7 and 8 | moderate |
2021-04-19T14:49:48
(3 years ago) |
|
| Affected | >= 15.0.0, <= 19.0.8 >= 11.0.0, < 14.0.0 >= 10.0.0, <= 10.0.18 |
CVE-2021-31412
|
MAVEN:GHSA-QRG9-F472-QWFM
|
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19 | moderate |
2021-06-28T16:55:58
(3 years ago) |
|
| Fixed | = 19.0.9 = 14.6.2 = 10.0.19 |
CVE-2021-31412
|
MAVEN:GHSA-QRG9-F472-QWFM
|
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19 | moderate |
2021-06-28T16:55:58
(3 years ago) |