[MAVEN:GHSA-JMX8-355M-8VWH] Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
Severity: Low
Affected Packages: 1
Fixed Packages: 1
CVEs: 1
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows an attacker to update element property values via a crafted synchronization message.
Package | Affected Version |
---|---|
pkg:maven/com.vaadin/flow-server | >= 1.0.0, <= 1.0.5 |
Package | Fixed Version |
---|---|
pkg:maven/com.vaadin/flow-server | = 1.0.6 |
- ID: MAVEN:GHSA-JMX8-355M-8VWH
- Severity: low
- URL: https://github.com/advisories/GHSA-jmx8-355m-8vwh
- Published: 2021-04-19T14:53:09 (3 years ago)
- Modified: 2023-02-01T05:05:28 (19 months ago)
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/com.vaadin/flow-server | com.vaadin | flow-server | >= 1.0.0 <= 1.0.5 | | | |
Fixed | pkg:maven/com.vaadin/flow-server | com.vaadin | flow-server | = 1.0.6 | | | |