26 matches found
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass due to inconsistent path pattern matching of reserved framework paths. An attacker can create unauthorized sessions and trigger framework initialization by accessing the /VAADIN endpoint without a trailing slash,...
com.flowingcode.vaadin.test:testbench-rpc (>=1.4.0 <=1.5.0), com.github.mcollovati.vertx:vaadin-flow-sockjs (>=14.0.0 <=14.0.13) +201 more potentially affected by CVE-2026-2741 via com.vaadin:flow-server (>=2.0.0 <=2.13.0)
com.vaadin:flow-server MAVEN version =2.0.0, =1.4.0, =14.0.0, =14.0.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.1 and more Source cves: CVE-2026-2741 Source advisory: SNYK:JAVA-COMVAADIN-15518323...
ch.artaios:openchemlib-vaadin (>=1.0.0 <=3.0.0), ch.jubnl:vsecureflow (>=0.0.15 <=0.0.16) +662 more potentially affected by CVE-2023-25499 via com.vaadin:flow-server (>=1.1.0 <=2.8.1)
com.vaadin:flow-server MAVEN version =1.1.0, =1.0.0, =0.0.15, =2.1.1, =1.0.0, =1.0.0, =0.1, =1.0.0, =1.4.0, =0.1.0, =0.2.0 and more Source cves: CVE-2023-25499 Source advisory: OSV:GHSA-5F9V-MV5G-JH5Q...
com.alibaba.rsocket:alibaba-broker-server (>=1.0.1 <=1.1.2), com.beirtipol:jfixtools-reporting (=1.0-BETA) +129 more potentially affected by CVE-2023-25499 via com.vaadin:flow-server (>=3.0.0 <=9.1.0)
com.vaadin:flow-server MAVEN version =3.0.0, =1.0.1, =1.1.6, =15.0.0, =15.0.0, =3.2.3, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =9.1.0 and more Source cves: CVE-2023-25499 Source advisory: OSV:GHSA-5F9V-MV5G-JH5Q...
ch.artaios:openchemlib-vaadin (>=1.0.0 <=3.0.0), ch.jubnl:vsecureflow (>=0.0.15 <=0.0.16) +664 more potentially affected by CVE-2023-25500 via com.vaadin:flow-server (>=1.1.0 <=2.9.2)
com.vaadin:flow-server MAVEN version =1.1.0, =1.0.0, =0.0.15, =2.1.1, =1.0.0, =1.0.0, =0.1, =14.8, =3.7.0, =2.9.3, =1.0.0, =1.0.1 - com.flowingcode.vaadin.addons:zoomist-addon =1.0.0 and more Source cves: CVE-2023-25500 Source advisory: OSV:GHSA-CH48-9R3Q-PV7X...
com.vaadin:flow (>=1.0.0 <=1.0.20), com.vaadin:flow-client (>=1.0.0 <=1.0.20) +44 more potentially affected by CVE-2023-25500 via com.vaadin:flow-server (>=1.0.0 <=1.0.20)
com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =10.0.2, =2.0.1, =1.0.0, =6.0.1, =1.0.0, =1.0.2 and more Source cves: CVE-2023-25500 Source advisory: OSV:GHSA-CH48-9R3Q-PV7X...
com.alibaba.rsocket:alibaba-broker-server (>=1.0.1 <=1.1.2), com.beirtipol:jfixtools-reporting (=1.0-BETA) +129 more potentially affected by CVE-2023-25500 via com.vaadin:flow-server (>=3.0.0 <=9.1.10)
com.vaadin:flow-server MAVEN version =3.0.0, =1.0.1, =1.1.6, =15.0.0, =15.0.0, =3.2.3, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =9.1.10 and more Source cves: CVE-2023-25500 Source advisory: OSV:GHSA-CH48-9R3Q-PV7X...
com.beirtipol:jfixtools-reporting (=1.0-BETA), com.beirtipol:jfixtools-ui-vaadin (=1.0-BETA) +109 more potentially affected by CVE-2021-31412 via com.vaadin:flow-server (>=3.0.0 <=6.0.1)
com.vaadin:flow-server MAVEN version =3.0.0, =1.1.6, =15.0.0, =15.0.0, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.0.0, =6.0.1 and more Source cves: CVE-2021-31412 Source advisory: OSV:GHSA-FR26-QJC8-MVJX...
com.beirtipol:jfixtools-reporting (=1.0-BETA), com.beirtipol:jfixtools-ui-vaadin (=1.0-BETA) +109 more potentially affected by CVE-2021-33604 via com.vaadin:flow-server (>=3.0.0 <=6.0.1)
com.vaadin:flow-server MAVEN version =3.0.0, =1.1.6, =15.0.0, =15.0.0, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.0.0, =6.0.1 and more Source cves: CVE-2021-33604 Source advisory: OSV:GHSA-8VFW-V2JV-9HWC...
com.alibaba.rsocket:alibaba-broker-server (>=1.0.0 <=1.0.0.RC4), com.dorkbox.GradleVaadin:com.dorkbox.GradleVaadin.gradle.plugin (>=0.1 <=14.1.4) +252 more potentially affected by CVE-2021-33604 via com.vaadin:flow-server (>=2.0.0 <=2.6.1)
com.vaadin:flow-server MAVEN version =2.0.0, =1.0.0, =0.1, =1.4.0, =1.0, =0.0.1, =14.0.0, =14.0.0, =0.0.3, =1.0.0, =0.3.1, =1.0.0, =1.0.0, =0.5.1, =2.0.1, =2.2.3 and more Source cves: CVE-2021-33604 Source advisory: OSV:GHSA-8VFW-V2JV-9HWC...
CVE-2021-33604
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0.8 allows local user to execute arbitrary JavaScript code by opening crafted URL in browser...
vaadin:flow-server input validation error vulnerability
Vaadin Flow is a software application. The Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. A security vulnerability exists in vaadin:flow-server that stems from improper path cleanup in the default RouteNotFoundError...
vaadin:flow-server security vulnerability
Vaadin Flow is a software application. The Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. A security vulnerability exists in vaadin:flow-server that stems from a URL encoding error in the development mode handler. T...
PT-2021-19294 · Vaadin · Com.Vaadin:Flow-Server
Name of the Vulnerable Software and Affected Versions: com.vaadin:flow-server versions 1.0.0 through 1.0.14 com.vaadin:flow-server versions 1.1.0 prior to 2.0.0 com.vaadin:flow-server versions 2.0.0 through 2.6.1 com.vaadin:flow-server versions 3.0.0 through 6.0.9 Description: The issue is relate...
com.alibaba.rsocket:alibaba-broker-server (>=1.0.0 <=1.0.0.RC4), com.dorkbox.GradleVaadin:com.dorkbox.GradleVaadin.gradle.plugin (>=0.1 <=14.1.4) +247 more potentially affected by unknown CVE via com.vaadin:flow-server (>=2.0.9 <=2.5.2)
com.vaadin:flow-server MAVEN version =2.0.9, =1.0.0, =0.1, =1.4.0, =1.0, =0.0.1, =14.1.0, =14.1.0, =0.0.3, =1.0.2, =0.3.1, =1.0.2, =1.0.0, =0.5.1, =2.1.0, =2.2.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-C57F-4VP2-JQHM...
Vaadin Flow information disclosure vulnerability
Vaadin Flow is a software application. The Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. An information disclosure vulnerability exists in vaadin:flow-server, which stems from an insecure configuration of the...
com.faendir.vaadin:jfreechart-flow (=1.1.6), com.github.mcollovati.vertx:vaadin-flow-sockjs (=0.2.0) +89 more potentially affected by CVE-2018-25007 via com.vaadin:flow-server (>=1.0.0 <=1.0.5)
com.vaadin:flow-server MAVEN version =1.0.0, =0.2.0, =0.5.0, =1.0.0.ALPHA1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.23 and more Source cves: CVE-2018-25007 Source advisory: OSV:GHSA-JMX8-355M-8VWH...
GHSA-RJWW-2X8V-M9V9 Potential sensitive data exposure in applications using Vaadin 15
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController - https://vaadin.com/security/cve-2020-36319...
com.beirtipol:jfixtools-reporting (=1.0-BETA), com.beirtipol:jfixtools-ui-vaadin (=1.0-BETA) +101 more potentially affected by CVE-2020-36321 via com.vaadin:flow-server (>=3.0.0 <=4.0.8)
com.vaadin:flow-server MAVEN version =3.0.0, =1.1.6, =15.0.0, =15.0.0, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =4.0.8 and more Source cves: CVE-2020-36321 Source advisory: OSV:GHSA-49R2-73M6-PP8F...
com.alibaba.rsocket:alibaba-broker-server (>=1.0.0.M1 <=1.0.0.RC3), com.dorkbox.GradleVaadin:com.dorkbox.GradleVaadin.gradle.plugin (=0.1) +240 more potentially affected by CVE-2020-36321 via com.vaadin:flow-server (>=2.0.0 <=2.4.1)
com.vaadin:flow-server MAVEN version =2.0.0, =1.0.0.M1, =1.4.0, =1.0, =0.0.1, =14.0.0, =14.0.0, =0.0.3, =1.0.0, =0.3.1, =1.0.0, =1.0.0, =0.5.1, =2.0.1, =2.2.3 and more Source cves: CVE-2020-36321 Source advisory: OSV:GHSA-49R2-73M6-PP8F...