Description
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, and 24.1.0.alpha1 to 24.1.0.rc2: sending modified requests can result in the potential disclosure of class and method names in RPC responses.
Remediation
References
https://github.com/vaadin/flow/pull/16935
https://vaadin.com/security/cve-2023-25500