5 matches found
CVE-2026-7860
A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...
CVE-2026-7860 Possible information disclosure of environment variables in Vaadin Build Plugins via Failed Frontend Build
A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...
PT-2026-41882
A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...
at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.3.2), au.com.acegi:xml-format-maven-plugin (>=4.0.1 <=4.1.0) +2010 more potentially affected by CVE-2025-67030 via org.codehaus.plexus:plexus-utils (>=4.0.0 <=4.0.2)
org.codehaus.plexus:plexus-utils MAVEN version =4.0.0, =9.1.1, =4.0.1, =0.0.1, =0.0.9, =0.4.0, =0.0.0, =1.9.2, =1.0.0-M5, =1.0.0-M6, =1.0.0-M1, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =1.0.0-M10 and more Source cves: CVE-2025-67030 Source advisory: OSV:GHSA-6FMV-XXPF-W3CW...
ai.databand.azkaban:azkaban-web-server (=3.18.0), at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.3.2) +1360 more potentially affected by CVE-2020-13959 via org.apache.velocity:velocity-tools (>=1.3 <=2.0)
org.apache.velocity:velocity-tools MAVEN version =1.3, =9.1.1, =1.0.0, =1.0.0, =0.1, =2.1, =1.2.1, =1.0.0, =0.0.1, =0.0.1, =1.2.28, =1.0.0, =1.1.0 and more Source cves: CVE-2020-13959 Source advisory: OSV:GHSA-FH63-4R66-JC7V...