Lucene search
K

6 matches found

NVD
NVD
added 2021/04/23 4:15 p.m.33 views

CVE-2018-25007

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message...

4.3CVSS0.00574EPSS
Exploits0References2
OSV
OSV
added 2021/04/23 4:15 p.m.23 views

CVE-2018-25007

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message...

4.3CVSS6.6AI score0.00574EPSS
Exploits0References2
CVE
CVE
added 2021/04/23 4:5 p.m.85 views

CVE-2018-25007

CVE-2018-25007 affects Vaadin Flow Server (com.vaadin:flow-server) due to a missing check in the UIDL request handler. Affected versions are 1.0.0–1.0.5, corresponding to Vaadin 10.0.0–10.0.7 and 11.0.0–11.0.2. The root cause is an unchecked UIDL synchronization message, which permits an attacker...

4.3CVSS4.1AI score0.00574EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2021/04/23 4:5 p.m.32 views

CVE-2018-25007 Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message...

2.6CVSS4.5AI score0.00574EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2021/04/19 2:53 p.m.53 views

Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message. - https://vaadin.com/security/cve-2018-25007...

4.3CVSS3.6AI score0.00574EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:49 p.m.49 views

Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message. - https://vaadin.com/security/cve-2018-25007...

4.3CVSS3.6AI score0.00574EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder