4 matches found
CVE-2023-25500
creationtimestamp| type| source
---|---|---
2024-01-28 00:20:14+00:00| seen| https://t.me/arpsyndicate/3128...
com.alibaba.rsocket:alibaba-broker-server (>=1.0.1 <=1.1.2), com.beirtipol:jfixtools-reporting (=1.0-BETA) +129 more potentially affected by CVE-2023-25500 via com.vaadin:flow-server (>=3.0.0 <=9.1.10)
com.vaadin:flow-server MAVEN version =3.0.0, =1.0.1, =1.1.6, =15.0.0, =15.0.0, =3.2.3, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =9.1.10 and more Source cves: CVE-2023-25500 Source advisory: OSV:GHSA-CH48-9R3Q-PV7X...
CVE-2023-25500
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests...
CVE-2023-25500
Vaadin CVE-2023-25500 affects Vaadin 10.0.0–10.0.23, 11.0.0–14.10.1, 15.0.0–22.0.28, 23.0.0–23.3.13, 24.0.0–24.0.6, and 24.1.0.alpha1–24.1.0.rc2. It enables potential information disclosure of class and method names in RPC responses when requests are modified. Root cause per the documents is insu...