7 matches found
GHSA-94G8-XV23-7656 Vaadin Flow Components possible file bypass via upload validation on the server-side
Description: When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the upgrade to a more recent Vaadin version...
Vaadin Flow Components information disclosure vulnerability
Vaadin Flow Components is a Maven multi-module project that contains all Vaadin flow components. A security vulnerability exists in Vaadin Flow Components that stems from the default configuration of the TreeGrid component that uses Object::toString as the key for client-server communication in...
com.vaadin:flow (>=1.0.0 <=1.0.14), com.vaadin:flow-client (>=1.0.0 <=1.0.14) +30 more potentially affected by CVE-2021-31412 via com.vaadin:flow-server (>=1.0.0 <=1.0.14)
com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =10.0.13, =10.0.18 - com.vaadin:vaadin-board-flow =2.0.1 - com.vaadin:vaadin-button-flow =1.0.0 - com.vaadin:vaadin-charts-flow =6.0.1 - com.vaadin:vaadin-checkbox-flow...
Vaadin flow security vulnerability
Vaadin flow is an application. The Vaadin platform is a Java framework for building modern websites that look good, perform well and keep you and your users happy. vaadin:flow-server versions 3.0.0 through 5.0.3 have a security vulnerability that can be exploited by attackers to guess the security token ...
Vaadin flow cross-site scripting vulnerability
Vaadin flow is a software application. The Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. A security vulnerability exists in vaadin:flow-server, which stems from a vulnerability that allows an attacker to execute...
Vaadin flow path traversal vulnerability
Vaadin flow is a software application. The Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. A path traversal vulnerability exists in vaadin:flow-server versions 2.0.0 through 2.4.1, which can be exploited by an...
com.vaadin:flow (=6.0.0), com.vaadin:flow-client (=6.0.0) +95 more potentially affected by CVE-2021-31407 via com.vaadin:flow-server (=6.0.0)
com.vaadin:flow-server MAVEN version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.vaadin:flow-server and may be impacted: - com.vaadin:flow =6.0.0 - com.vaadin:flow-client =6.0.0 - com.vaadin:flow-component-demo-helpers =6.0.0 -...