CVE-2021-31406
- EPSS 0.21%
- Veröffentlicht 23.04.2021 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:05:35
Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a sec...
CVE-2021-31407
- EPSS 2.38%
- Veröffentlicht 23.04.2021 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:05:36
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTT...
CVE-2018-25007
- EPSS 0.57%
- Veröffentlicht 23.04.2021 16:15:07
- Zuletzt bearbeitet 21.11.2024 04:03:20
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message.
CVE-2019-25027
- EPSS 0.67%
- Veröffentlicht 23.04.2021 16:15:07
- Zuletzt bearbeitet 21.11.2024 04:39:46
Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaSc...