Lucene search
K

4 matches found

OSV
OSV
added 2021/04/23 4:15 p.m.37 views

CVE-2020-36319

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController...

6.5CVSS6.6AI score0.01001EPSS
Exploits0References3
NVD
NVD
added 2021/04/23 4:15 p.m.36 views

CVE-2021-31406

Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 Vaadin 15.0.0 through 18.0.6, and com.vaadin:fusion-endpoint version 6.0.0 Vaadin 19.0.0 allows attacker to guess a security token for Fusion endpoints via timing attack...

4CVSS0.00211EPSS
Exploits0References2
Prion
Prion
added 2021/04/23 4:15 p.m.22 views

Design/Logic Flaw

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 Vaadin 14.0.6 through 14.4.3, and 3.0.0 through 4.0.2 Vaadin 15.0.0 through 17.0.10 allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses...

5CVSS7.3AI score0.01127EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2021/04/19 12:0 a.m.5 views

PT-2021-12003 · Vaadin · Com.Vaadin:Flow-Server +1

Name of the Vulnerable Software and Affected Versions: com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin versions 15.0.0 through 15.0.4 Description: The issue is related to an insecure configuration of the default ObjectMapper in the affected software. This may expose sensitive data if t...

6.5CVSS6.1AI score0.01001EPSS
Exploits0References12
Rows per page
Query Builder