WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-25500 Vulnerability in maven package com.vaadin:flow-server

Description

Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.

Remediation

References

https://github.com/vaadin/flow/pull/16935

https://vaadin.com/security/cve-2023-25500

Related Vulnerabilities

CVE-2014-2068 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-1912 Vulnerability in npm package hermes-engine

CVE-2023-36471 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml

CVE-2020-7712 Vulnerability in npm package json

CVE-2020-7692 Vulnerability in maven package com.google.oauth-client:google-oauth-client

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Patch Vendor Advisory