4 matches found
CVE-2020-36319
CVE-2020-36319 affects Vaadin flow-server (com.vaadin:flow-server) versions 3.0.0–3.0.5 (Vaadin 15.0.0–15.0.4). The root cause is an insecure configuration of the default ObjectMapper, which may disclose sensitive data if the application also uses components like @RestController. The CVE is docum...
Potential sensitive data exposure in applications using Vaadin 15
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController - https://vaadin.com/security/cve-2020-36319...
com.vaadin:flow (>=3.0.0 <=3.0.5), com.vaadin:flow-client (>=3.0.0 <=3.0.5) +87 more potentially affected by CVE-2020-36319 via com.vaadin:flow-server (>=3.0.0 <=3.0.5)
com.vaadin:flow-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =15.0.0, =15.0.4 - com.vaadin:vaadin-accordion-flow =3.0.0 - com.vaadin:vaadin-accordion-flow-demo =3.0.0 and more Source cves: CVE-2020-36319 Source advisory: OSV:GHSA-RJWW-2X8V-M...
GHSA-76F4-FW33-6J2V Potential sensitive data exposure in applications using Vaadin 15
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController - https://vaadin.com/security/cve-2020-36319...