CVE-2018-25007
2.6LOWMissing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values
게시됨: 4/23/2021업데이트됨: 11/21/2024
설명
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message.
AI 분석AI 기반
영향받는 제품
vaadinflow
vaadinvaadin
vaadinvaadin
참조
- https://github.com/vaadin/flow/pull/4774PatchThird Party Advisory
- https://vaadin.com/security/cve-2018-25007Vendor Advisory
- https://github.com/vaadin/flow/pull/4774PatchThird Party Advisory
- https://vaadin.com/security/cve-2018-25007Vendor Advisory