12 matches found
CVE-2025-9467
When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include: Product version Vaadin 7.0.0 -...
Vaadin Platform possible file bypass via upload validation on the server-side
Description: When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the upgrade to a more recent Vaadin version...
GHSA-C7V7-RQFM-F44J Vaadin Platform possible file bypass via upload validation on the server-side
Description: When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the upgrade to a more recent Vaadin version...
Vaadin Flow Components possible file bypass via upload validation on the server-side
Description: When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the upgrade to a more recent Vaadin version...
Arbitrary File Upload
Overview: com.vaadin:vaadin-server is a Java framework for modern Java web applications. Affected versions of this package are vulnerable to Arbitrary File Upload via Vaadin Upload's start listener in the multi-upload mode. An attacker can upload unauthorized files by bypassing server-side metadat...
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via Vaadin Upload's start listener in the multi-upload mode. An attacker can upload unauthorized files by bypassing server-side metadata validation. Remediation: Upgrade com.vaadin:vaadin-upload-flow to version...
GHSA-9GFH-4FWJ-W3RJ Vaadin Framework possible file bypass via upload validation on the server-side
Description: When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the upgrade to a more recent Vaadin version...
CVE-2025-9467
When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include: Product version Vaadin 7.0.0 -...
CVE-2025-9467 Possibility to bypass file upload validation on the server-side
When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include: Product version Vaadin 7.0.0 -...
CVE-2025-9467
CVE-2025-9467 affects Vaadin Upload validation via the start listener, allowing bypass of server-side metadata checks in multi-upload mode. Concrete affected components and versions are listed in public advisories: Vaadin server/flow components (vaadin-server 7.0.0–7.7.47 fixed 7.7.48; 8.0.0–8.28...
CVE-2025-9467 Possibility to bypass file upload validation on the server-side
When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include: Product version Vaadin 7.0.0 -...
Possibility to bypass file upload validation on the server-side
When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. See CWE-20 Improper Input Validation. Description: When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is...