11 matches found
MAL-2024-9443 Malicious code in sn-flow-client (npm)
Source: ossf-package-analysis (40af2ecf250ffc74b1566c2e1b013c1fb2f8e1917dc5878511d1dbaf791c0c48). The OpenSSF Package Analysis project identified 'sn-flow-client' @ 10.10.10 (npm) as malicious. It is considered malicious because: - The package...
Malicious code in sn-flow-client (npm)
Source: ossf-package-analysis (40af2ecf250ffc74b1566c2e1b013c1fb2f8e1917dc5878511d1dbaf791c0c48). The OpenSSF Package Analysis project identified 'sn-flow-client' @ 10.10.10 (npm) as malicious. It is considered malicious because: - The package...
com.vaadin:flow (>=1.0.0 <=1.0.20), com.vaadin:flow-client (>=1.0.0 <=1.0.20) +44 more potentially affected by CVE-2023-25500 via com.vaadin:flow-server (>=1.0.0 <=1.0.20)
com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =10.0.2, =2.0.1, =1.0.0, =6.0.1, =1.0.0, =1.0.2 and more Source cves: CVE-2023-25500 Source advisory: OSV:GHSA-CH48-9R3Q-PV7X...
com.vaadin:flow (>=1.0.0 <=1.0.14), com.vaadin:flow-client (>=1.0.0 <=1.0.14) +30 more potentially affected by CVE-2021-31412 via com.vaadin:flow-server (>=1.0.0 <=1.0.14)
com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =10.0.13, =10.0.18 - com.vaadin:vaadin-board-flow =2.0.1 - com.vaadin:vaadin-button-flow =1.0.0 - com.vaadin:vaadin-charts-flow =6.0.1 - com.vaadin:vaadin-checkbox-flow...
Cross-site request forgery (CSRF)
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses an incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
CVE-2021-31408
The CVE-2021-31408 issue affects vaadin:flow-client: versions 5.0.0 prior to 6.0.0 (Vaadin 18) and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3). The root cause is an incorrect HTTP method in Authentication.logout() combined with Spring Security CSRF protection, which, according to the provi...
Vaadin flow code issue vulnerability
Vaadin flow is a Java framework for the Vaadin platform for building modern websites that look great, perform well and keep you and your users happy. A code issue vulnerability exists in vaadin:flow-client that allows a local attacker to access Fusion endpoints after a use...
com.alibaba.rsocket:alibaba-broker-server (=1.0.1), com.github.mcollovati.vertx:vaadin-flow-sockjs (>=18.0.0 <=19.0.0) +74 more potentially affected by CVE-2021-31408 via com.vaadin:flow-client (>=5.0.0 <=6.0.4)
com.vaadin:flow-client MAVEN version =5.0.0, =18.0.0, =18.0.0, =5.0.0, =5.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.7 and more Source cves: CVE-2021-31408 Source advisory: OSV:GHSA-6HGR-2G6Q-3RMC...
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses an incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
com.vaadin:flow (>=3.0.0 <=3.0.5), com.vaadin:flow-client (>=3.0.0 <=3.0.5) +87 more potentially affected by CVE-2020-36319 via com.vaadin:flow-server (>=3.0.0 <=3.0.5)
com.vaadin:flow-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =15.0.0, =15.0.4 - com.vaadin:vaadin-accordion-flow =3.0.0 - com.vaadin:vaadin-accordion-flow-demo =3.0.0 and more Source cves: CVE-2020-36319 Source advisory: OSV:GHSA-RJWW-2X8V-M...
com.vaadin:flow (=6.0.0), com.vaadin:flow-client (=6.0.0) +95 more potentially affected by CVE-2021-31406 via com.vaadin:flow-server (=6.0.0)
com.vaadin:flow-server MAVEN version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.vaadin:flow-server and may be impacted: - com.vaadin:flow =6.0.0 - com.vaadin:flow-client =6.0.0 - com.vaadin:flow-component-demo-helpers =6.0.0 -...