Description
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
Remediation
References
https://github.com/vaadin/flow/pull/16935
https://vaadin.com/security/cve-2023-25500
Related Vulnerabilities
CVE-2023-34092 Vulnerability in npm package vite
CVE-2019-0205 Vulnerability in maven package org.webjars.bower:thrift
CVE-2023-29213 Vulnerability in maven package org.xwiki.platform:xwiki-platform-logging-script
CVE-2020-8203 Vulnerability in npm package lodash
CVE-2023-46656 Vulnerability in maven package igalg.jenkins.plugins:multibranch-scan-webhook-trigger