EPSS
Percentile
22.7%
flow-server is vulnerable to remote code execution. An attacker is able to exploit the vulnerability by sending a fake synchronization message to the server, updating server-side element property values.
github.com/advisories/GHSA-3h5r-928v-mxhh
github.com/vaadin/flow/pull/4774
vaadin.com/security/cve-2018-25007