Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-25499 Vulnerability in maven package com.vaadin:flow-server

Description

When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.

Remediation

References

https://github.com/vaadin/flow/pull/15885

https://vaadin.com/security/CVE-2023-25499

Related Vulnerabilities

CVE-2022-21667 Vulnerability in npm package @soketi/soketi

CVE-2023-1428 Vulnerability in maven package io.grpc:grpc-protobuf

CVE-2023-25762 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-build-step

CVE-2021-23484 Vulnerability in npm package zip-local

CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-parent

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Vendor Advisory