Description
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, and 24.1.0.alpha1 to 24.1.0.rc2: sending modified requests can cause class and method names to be disclosed in RPC responses.
Remediation
References
https://github.com/vaadin/flow/pull/16935
https://vaadin.com/security/cve-2023-25500