Lucene search
+L

4 matches found

CVE
CVE
added 2021/04/23 4:5 p.m.88 views

CVE-2020-36319

CVE-2020-36319 affects Vaadin flow-server (com.vaadin:flow-server) versions 3.0.0–3.0.5 (Vaadin 15.0.0–15.0.4). The root cause is an insecure configuration of the default ObjectMapper, which may disclose sensitive data if the application also uses components like @RestController. The CVE is docum...

6.5CVSS5AI score0.01001EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2021/04/19 2:52 p.m.65 views

Potential sensitive data exposure in applications using Vaadin 15

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController - https://vaadin.com/security/cve-2020-36319...

6.5CVSS6.2AI score0.01001EPSS
Exploits0References6Affected Software1
vulnersOsv
vulnersOsv
added 2021/04/19 2:52 p.m.7 views

com.vaadin:flow (>=3.0.0 <=3.0.5), com.vaadin:flow-client (>=3.0.0 <=3.0.5) +87 more potentially affected by CVE-2020-36319 via com.vaadin:flow-server (>=3.0.0 <=3.0.5)

com.vaadin:flow-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =15.0.0, =15.0.4 - com.vaadin:vaadin-accordion-flow =3.0.0 - com.vaadin:vaadin-accordion-flow-demo =3.0.0 and more Source cves: CVE-2020-36319 Source advisory: OSV:GHSA-RJWW-2X8V-M...

6.5CVSS6.5AI score0.01001EPSS
Exploits0
OSV
OSV
added 2021/04/19 2:48 p.m.66 views

GHSA-76F4-FW33-6J2V Potential sensitive data exposure in applications using Vaadin 15

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController - https://vaadin.com/security/cve-2020-36319...

3.1CVSS6.3AI score0.01001EPSS
Exploits0References3
Rows per page
Query Builder