6 matches found
Security Bulletin: IBM Security Verify Governance is vulnerable to sensitive information exposure and denial of service (CVE-2021-31403, CVE-2021-33609)
Summary IBM Security Verify Governance is vulnerable to sensitive information exposure and denial of service due to vulnerabilities in Vaadin JAR. The fix involves upgrading the Vaadin JAR to the patched version. Vulnerability Details CVEID:CVE-2021-31403 DESCRIPTION: Vaadin could allow a local...
ca.qc.ircm:plate-layout (=0.8), com.github.mvysny.karibudsl:karibu-dsl-v8 (>=1.0.0 <=1.0.8) +68 more potentially affected by CVE-2021-33609 via com.vaadin:vaadin-server (>=8.0.0 <=8.14.0)
com.vaadin:vaadin-server MAVEN version =8.0.0, =1.0.0, =1.0.0, =1.1.20, =2.0.0, =1.0.0, =2.0.3, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.14.0 and more Source cves: CVE-2021-33609 Source advisory: OSV:GHSA-J23J-Q57M-63V3...
CVE-2021-33609
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 Vaadin 8.0.0 through 8.14.0 allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data...
CVE-2021-33609
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 Vaadin 8.0.0 through 8.14.0 allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data...
CVE-2021-33609 Denial of service in DataCommunicator class in Vaadin 8
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 Vaadin 8.0.0 through 8.14.0 allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data...
CVE-2021-33609
CVE-2021-33609 affects Vaadin’s DataCommunicator in com.vaadin:vaadin-server, with versions 8.0.0–8.14.0 vulnerable to heap exhaustion when an authenticated network attacker requests too many rows of data. Connected sources consistently describe this as a Denial of Service by missing a check in D...