pkg:maven/com.vaadin/vaadin-server
Type
maven
Namespace
com.vaadin
Name
vaadin-server
Known advisories, vulnerabilities and fixes for com.vaadin/vaadin-server package.
High
1
Moderate
4
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 7.0.0, < 7.7.22 |
CVE-2020-36320
|
MAVEN:GHSA-42J4-733X-5VCF | Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7 | high |
2021-04-19T14:49:32
(3 years ago) |
|
Fixed | = 7.7.22 |
CVE-2020-36320
|
MAVEN:GHSA-42J4-733X-5VCF | Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7 | high |
2021-04-19T14:49:32
(3 years ago) |
|
Affected | >= 8.0.0, < 8.12.3 >= 7.0.0, < 7.7.24 |
CVE-2021-31403
|
MAVEN:GHSA-75XC-QVXH-27F8 | Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 | moderate |
2021-04-19T14:51:06
(3 years ago) |
|
Fixed | = 8.12.3 = 7.7.24 |
CVE-2021-31403
|
MAVEN:GHSA-75XC-QVXH-27F8 | Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 | moderate |
2021-04-19T14:51:06
(3 years ago) |
|
Affected | >= 8.0.0, < 8.14.1 | MAVEN:GHSA-J23J-Q57M-63V3 | Denial of service in DataCommunicator class in Vaadin 8 | moderate |
2021-10-13T18:54:50
(2 years ago) |
||
Fixed | = 8.14.1 | MAVEN:GHSA-J23J-Q57M-63V3 | Denial of service in DataCommunicator class in Vaadin 8 | moderate |
2021-10-13T18:54:50
(2 years ago) |
||
Affected | >= 8.0.0, < 8.8.5 >= 7.4.0, < 7.7.20 |
CVE-2019-25028
|
MAVEN:GHSA-Q74R-4XW3-PPX9 | Stored cross-site scripting in Grid component in Vaadin 7 and 8 | moderate |
2021-04-19T14:49:48
(3 years ago) |
|
Fixed | = 8.8.5 = 7.7.20 |
CVE-2019-25028
|
MAVEN:GHSA-Q74R-4XW3-PPX9 | Stored cross-site scripting in Grid component in Vaadin 7 and 8 | moderate |
2021-04-19T14:49:48
(3 years ago) |
|
Affected | >= 8.0.0, < 8.14.1 |
CVE-2021-33609
|
MAVEN:GHSA-QCGX-CRRX-38V5 | Denial of service in DataCommunicator class in Vaadin 8 | moderate |
2021-10-13T18:54:09
(2 years ago) |
|
Fixed | = 8.14.1 |
CVE-2021-33609
|
MAVEN:GHSA-QCGX-CRRX-38V5 | Denial of service in DataCommunicator class in Vaadin 8 | moderate |
2021-10-13T18:54:09
(2 years ago) |