CVE-2018-25007
2.6LOWMissing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values
Published: 4/23/2021Updated: 11/21/2024
Description
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message.
AI AnalysisPowered by AI
Affected Products
vaadinflow
vaadinvaadin
vaadinvaadin
References
- https://github.com/vaadin/flow/pull/4774PatchThird Party Advisory
- https://vaadin.com/security/cve-2018-25007Vendor Advisory
- https://github.com/vaadin/flow/pull/4774PatchThird Party Advisory
- https://vaadin.com/security/cve-2018-25007Vendor Advisory