WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-33604 Vulnerability in maven package com.vaadin:flow-server

Description

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser.

Remediation

References

https://github.com/vaadin/flow/pull/11099

https://vaadin.com/security/cve-2021-33604

Related Vulnerabilities

CVE-2023-38700 Vulnerability in npm package matrix-appservice-irc

CVE-2020-29455 Vulnerability in npm package liveaddress

CVE-2020-26217 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2022-2596 Vulnerability in npm package node-fetch

CVE-2022-45598 Vulnerability in npm package @joplin/renderer

Severity

Low

Classification

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Patch Third Party Advisory Vendor Advisory NVD-CWE-Other