Lucene search
+L

7 matches found

vulnersosv
vulnersosv
added 2023/06/22 8:1 p.m.11 views

com.vaadin:flow (>=1.0.0 <=1.0.19), com.vaadin:flow-client (>=1.0.0 <=1.0.19) +44 more potentially affected by CVE-2023-25499 via com.vaadin:flow-server (>=1.0.0 <=1.0.2)

com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =10.0.2, =2.0.1, =1.0.0, =6.0.1, =1.0.0, =1.0.2 and more Source cves: CVE-2023-25499 Source advisory: OSV:GHSA-5F9V-MV5G-JH5Q...

6.5CVSS6.5AI score0.0058EPSS
Exploits0
vulnersosv
vulnersosv
added 2023/06/22 8:1 p.m.5 views

ch.artaios:openchemlib-vaadin (>=1.0.0 <=3.0.0), ch.jubnl:vsecureflow (>=0.0.15 <=0.0.16) +671 more potentially affected by CVE-2023-25499 via com.vaadin:flow-server (>=1.1.0 <=2.8.1)

com.vaadin:flow-server MAVEN version =1.1.0, =1.0.0, =0.0.15, =2.1.1, =1.0.0, =1.0.0, =1.0.0, =0.1, =1.0.0, =1.4.0, =1.5.0 and more Source cves: CVE-2023-25499 Source advisory: OSV:GHSA-5F9V-MV5G-JH5Q...

6.5CVSS6.5AI score0.0058EPSS
Exploits0
vulnersosv
vulnersosv
added 2023/06/22 8:1 p.m.3 views

com.alibaba.rsocket:alibaba-broker-server (>=1.0.1 <=1.1.2), com.beirtipol:jfixtools-reporting (=1.0-BETA) +129 more potentially affected by CVE-2023-25499 via com.vaadin:flow-server (>=3.0.0 <=9.1.0)

com.vaadin:flow-server MAVEN version =3.0.0, =1.0.1, =1.1.6, =15.0.0, =15.0.0, =3.2.3, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =9.1.0 and more Source cves: CVE-2023-25499 Source advisory: OSV:GHSA-5F9V-MV5G-JH5Q...

6.5CVSS6.5AI score0.0058EPSS
Exploits0
vulnrichment
vulnrichment
added 2023/06/22 12:47 p.m.10 views

CVE-2023-25499 Possible information disclosure in non visible components

When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information...

5.7CVSS6.5AI score0.0058EPSS
Exploits0References2
osv
osv
added 2023/06/22 12:47 p.m.22 views

CVE-2023-25499 Possible information disclosure in non visible components

When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information...

5.7CVSS6.6AI score0.0058EPSS
Exploits0References6
cve
cve
added 2023/06/22 12:47 p.m.63 views

CVE-2023-25499

Vaadin server-side UI: information disclosure when adding non-visible components. Affected versions include Vaadin 10.0.0–10.0.22, 11.0.0–14.10.0, 15.0.0–22.0.28, 23.0.0–23.3.12, 24.0.0–24.0.5, and 24.1.0.alpha1–24.1.0.beta1. Root cause: content from non-visible components is sent to the browser....

6.5CVSS5.8AI score0.0058EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/06/22 12:47 p.m.34 views

CVE-2023-25499 Possible information disclosure in non visible components

When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information...

5.7CVSS6.5AI score0.0058EPSS
Exploits0References2
Rows per page
Query Builder