CVE-2018-25007
2.6LOWMissing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values
Publicado: 4/23/2021Actualizado: 11/21/2024
Descripción
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message.
Análisis IAImpulsado por IA
Productos Afectados
vaadinflow
vaadinvaadin
vaadinvaadin
Referencias
- https://github.com/vaadin/flow/pull/4774PatchThird Party Advisory
- https://vaadin.com/security/cve-2018-25007Vendor Advisory
- https://github.com/vaadin/flow/pull/4774PatchThird Party Advisory
- https://vaadin.com/security/cve-2018-25007Vendor Advisory