Description
A URL encoding error in the development mode handler of com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1) and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows a local user to execute arbitrary JavaScript code by opening a crafted URL in a browser.
Remediation
References
https://github.com/vaadin/flow/pull/11099
https://vaadin.com/security/cve-2021-33604