Description
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
Remediation
References
https://github.com/vaadin/flow/pull/16935
https://vaadin.com/security/cve-2023-25500
Related Vulnerabilities
CVE-2022-43396 Vulnerability in maven package org.apache.kylin:kylin-core-common
CVE-2023-28628 Vulnerability in maven package lambdaisland:uri
CVE-2023-46122 Vulnerability in maven package org.scala-sbt:io_2.13
CVE-2021-25979 Vulnerability in npm package apostrophe
CVE-2022-24816 Vulnerability in maven package it.geosolutions.jaiext.jiffle:jt-jiffle-language