Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NVaadin Flow
APPVaadin1.2.0 – 2.4.8 (bez)6.0.0 – 6.0.2 (bez)Vaadin
APPVaadin19.0.012.0.0 – 14.4.10 (bez)
Powiązane podatności
Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 t...
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaa...
Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2....
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 ...
When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 t...