63 matches found

Veracode
added 2021/04/20 7:43 a.m. · 29 views

Cross-Site Scripting (XSS)

flow-server is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the error template...

CVSS 6.1 · AI score 4.4 · EPSS 0.00668
Exploits 0 · References 3 · Affected software 1
Veracode
added 2021/04/20 6:25 a.m. · 16 views

Directory Traversal

flow-server is vulnerable to directory traversal. The attack is possible due to a lack of proper validation of the URL path, allowing an attacker to inject ../ sequences into parameters to access resources outside of the web root...

CVSS 7.5 · AI score 5.1 · EPSS 0.01211
Exploits 0 · References 4 · Affected software 1
vulnersOsv
added 2021/04/19 2:53 p.m. · 5 views

com.faendir.vaadin:jfreechart-flow (=1.1.6), com.github.mcollovati.vertx:vaadin-flow-sockjs (=0.2.0) +89 more potentially affected by CVE-2018-25007 via com.vaadin:flow-server (>=1.0.0 <=1.0.5)

com.vaadin:flow-server MAVEN version =1.0.0, =0.2.0, =0.5.0, =1.0.0.ALPHA1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.23 and more Source cves: CVE-2018-25007 Source advisory: OSV:GHSA-JMX8-355M-8VWH...

CVSS 4.3 · AI score 5.8 · EPSS 0.00574
Exploits 0
vulnersOsv
added 2021/04/19 2:52 p.m. · 6 views

com.github.mcollovati.vertx:vaadin-flow-sockjs (=12.0.0), com.github.mcollovati.vertx:vertx-vaadin-flow (=12.0.0) +149 more potentially affected by CVE-2019-25027 via com.vaadin:flow-server (>=1.1.0 <=1.4.2)

com.vaadin:flow-server MAVEN version =1.1.0, =0.5.2, =1.0.0, =1.0.0, =1.0.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.5 and more Source cves: CVE-2019-25027 Source advisory: OSV:GHSA-RP4X-WXQV-CF9M...

CVSS 6.1 · AI score 6.3 · EPSS 0.00668
Exploits 0
vulnersOsv
added 2021/04/19 2:52 p.m. · 6 views

com.vaadin:flow (>=1.0.0 <=1.0.10), com.vaadin:flow-client (>=1.0.0 <=1.0.10) +29 more potentially affected by CVE-2019-25027 via com.vaadin:flow-server (>=1.0.0 <=1.0.10)

com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.10 - com.vaadin:vaadin =10.0.13 - com.vaadin:vaadin-board-flow =2.0.1 - com.vaadin:vaadin-button-flow =1.0.0 - com.vaadin:vaadin-charts-flow =6.0.1 -...

CVSS 6.1 · AI score 6.3 · EPSS 0.00668
Exploits 0
vulnersOsv
added 2021/04/19 2:52 p.m. · 7 views

com.vaadin:flow (>=3.0.0 <=3.0.5), com.vaadin:flow-client (>=3.0.0 <=3.0.5) +87 more potentially affected by CVE-2020-36319 via com.vaadin:flow-server (>=3.0.0 <=3.0.5)

com.vaadin:flow-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =15.0.0, =15.0.4 - com.vaadin:vaadin-accordion-flow =3.0.0 - com.vaadin:vaadin-accordion-flow-demo =3.0.0 and more Source cves: CVE-2020-36319 Source advisory: OSV:GHSA-RJWW-2X8V-M...

CVSS 6.5 · AI score 6.5 · EPSS 0.01001
Exploits 0
OSV
added 2021/04/19 2:52 p.m. · 14 views

GHSA-RJWW-2X8V-M9V9 Potential sensitive data exposure in applications using Vaadin 15

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController - https://vaadin.com/security/cve-2020-36319...

CVSS 3.1 · AI score 6.6 · EPSS 0.01001
Exploits 0 · References 6
Github Security Blog
added 2021/04/19 2:52 p.m. · 63 views

Potential sensitive data exposure in applications using Vaadin 15

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController - https://vaadin.com/security/cve-2020-36319...

CVSS 6.5 · AI score 6.2 · EPSS 0.01001
Exploits 0 · References 6 · Affected software 1
vulnersOsv
added 2021/04/19 2:51 p.m. · 18 views

com.alibaba.rsocket:alibaba-broker-server (>=1.0.0.M1 <=1.0.0.RC3), com.dorkbox.GradleVaadin:com.dorkbox.GradleVaadin.gradle.plugin (=0.1) +240 more potentially affected by CVE-2020-36321 via com.vaadin:flow-server (>=2.0.0 <=2.4.1)

com.vaadin:flow-server MAVEN version =2.0.0, =1.0.0.M1, =1.4.0, =1.0, =0.0.1, =14.0.0, =14.0.0, =0.0.3, =1.0.0, =0.3.1, =1.0.0, =1.0.0, =0.5.1, =2.0.1, =2.2.3 and more Source cves: CVE-2020-36321 Source advisory: OSV:GHSA-49R2-73M6-PP8F...

CVSS 7.5 · AI score 7.1 · EPSS 0.01211
Exploits 0
vulnersOsv
added 2021/04/19 2:51 p.m. · 4 views

com.beirtipol:jfixtools-reporting (=1.0-BETA), com.beirtipol:jfixtools-ui-vaadin (=1.0-BETA) +101 more potentially affected by CVE-2020-36321 via com.vaadin:flow-server (>=3.0.0 <=4.0.8)

com.vaadin:flow-server MAVEN version =3.0.0, =1.1.6, =15.0.0, =15.0.0, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =4.0.8 and more Source cves: CVE-2020-36321 Source advisory: OSV:GHSA-49R2-73M6-PP8F...

CVSS 7.5 · AI score 7.1 · EPSS 0.01211
Exploits 0
OSV
added 2021/04/19 2:51 p.m. · 1 view

GHSA-49R2-73M6-PP8F Directory traversal in development mode handler in Vaadin 14 and 15-17

Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 Vaadin 14.0.0 through 14.4.2, and 3.0 prior to 5.0 Vaadin 15 prior to 18 allows an attacker to request arbitrary files stored outside of the intended frontend resources folder. -...

CVSS 5.9 · AI score 6 · EPSS 0.01211
Exploits 0 · References 4
vulnersOsv
added 2021/04/19 2:51 p.m. · 5 views

com.beirtipol:jfixtools-reporting (=1.0-BETA), com.beirtipol:jfixtools-ui-vaadin (=1.0-BETA) +107 more potentially affected by CVE-2021-31404 via com.vaadin:flow-server (>=3.0.0 <=5.0.2)

com.vaadin:flow-server MAVEN version =3.0.0, =1.1.6, =15.0.0, =15.0.0, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.0.0, =5.0.2 and more Source cves: CVE-2021-31404 Source advisory: OSV:GHSA-XWG3-QRCG-W9X6...

CVSS 4 · AI score 5.8 · EPSS 0.0021
Exploits 0
vulnersOsv
added 2021/04/19 2:51 p.m. · 4 views

ch.artaios:openchemlib-vaadin (>=1.0.0 <=3.0.0), ch.jubnl:vsecureflow (>=0.0.15 <=0.0.16) +653 more potentially affected by CVE-2021-31404 via com.vaadin:flow-server (>=1.1.0 <=2.4.6)

com.vaadin:flow-server MAVEN version =1.1.0, =1.0.0, =0.0.15, =2.1.1, =1.0.0, =1.0.0, =1.0.0, =0.1, =1.0.0, =1.4.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-31404 Source advisory: OSV:GHSA-XWG3-QRCG-W9X6...

CVSS 4 · AI score 5.7 · EPSS 0.0021
Exploits 0
vulnersOsv
added 2021/04/19 2:51 p.m. · 5 views

com.vaadin:flow (>=1.0.0 <=1.0.13), com.vaadin:flow-client (>=1.0.0 <=1.0.13) +30 more potentially affected by CVE-2021-31404 via com.vaadin:flow-server (>=1.0.0 <=1.0.13)

com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =10.0.13, =10.0.17 - com.vaadin:vaadin-board-flow =2.0.1 - com.vaadin:vaadin-button-flow =1.0.0 - com.vaadin:vaadin-charts-flow =6.0.1 - com.vaadin:vaadin-checkbox-flow...

CVSS 4 · AI score 5.8 · EPSS 0.0021
Exploits 0
vulnersOsv
added 2021/04/19 2:50 p.m. · 5 views

ch.artaios:openchemlib-vaadin (>=1.0.0 <=3.0.0), ch.jubnl:vsecureflow (>=0.0.15 <=0.0.16) +655 more potentially affected by CVE-2021-31407 via com.vaadin:flow-server (>=1.2.0 <=2.4.7)

com.vaadin:flow-server MAVEN version =1.2.0, =1.0.0, =0.0.15, =2.1.1, =1.0.0, =1.0.0, =1.0.0, =0.1, =1.0.0, =1.4.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-31407 Source advisory: OSV:GHSA-25XC-JWFQ-39JW...

CVSS 8.6 · AI score 7.1 · EPSS 0.02382
Exploits 0
vulnersOsv
added 2021/04/19 2:50 p.m. · 4 views

com.vaadin:flow (=6.0.0), com.vaadin:flow-client (=6.0.0) +95 more potentially affected by CVE-2021-31407 via com.vaadin:flow-server (=6.0.0)

com.vaadin:flow-server MAVEN version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.vaadin:flow-server and may be impacted: - com.vaadin:flow =6.0.0 - com.vaadin:flow-client =6.0.0 - com.vaadin:flow-component-demo-helpers =6.0.0 -...

CVSS 8.6 · AI score 7.1 · EPSS 0.02382
Exploits 0
vulnersOsv
added 2021/04/19 2:50 p.m. · 3 views

com.vaadin:flow (=6.0.0), com.vaadin:flow-client (=6.0.0) +95 more potentially affected by CVE-2021-31406 via com.vaadin:flow-server (=6.0.0)

com.vaadin:flow-server MAVEN version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.vaadin:flow-server and may be impacted: - com.vaadin:flow =6.0.0 - com.vaadin:flow-client =6.0.0 - com.vaadin:flow-component-demo-helpers =6.0.0 -...

CVSS 4 · AI score 5.8 · EPSS 0.00211
Exploits 0
vulnersOsv
added 2021/04/19 2:50 p.m. · 4 views

com.beirtipol:jfixtools-reporting (=1.0-BETA), com.beirtipol:jfixtools-ui-vaadin (=1.0-BETA) +107 more potentially affected by CVE-2021-31406 via com.vaadin:flow-server (>=3.0.0 <=5.0.3)

com.vaadin:flow-server MAVEN version =3.0.0, =1.1.6, =15.0.0, =15.0.0, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.0.0, =5.0.3 and more Source cves: CVE-2021-31406 Source advisory: OSV:GHSA-P7JQ-V8JP-J424...

CVSS 4 · AI score 5.8 · EPSS 0.00211
Exploits 0
OSV
added 2021/04/19 2:49 p.m. · 22 views

GHSA-3H5R-928V-MXHH Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2 allows an attacker to update element property values via a crafted synchronization message. - https://vaadin.com/security/cve-2018-25007...

CVSS 2.6 · AI score 4.4 · EPSS 0.00574
Exploits 0 · References 3
OSV
added 2021/04/19 2:47 p.m. · 14 views

GHSA-C6C4-7X48-4CQP Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 Vaadin 10.0.0 through 10.0.16, 1.1.0 prior to 2.0.0 Vaadin 11 prior to 14, 2.0.0 through 2.4.6 Vaadin 14.0.0 through 14.4.6, 3.0.0 prior to 5.0.0 Vaadin 15 prior to 18, and...

CVSS 4 · AI score 3.8 · EPSS 0.0021
Exploits 0 · References 3