How severe is CVE-2018-25007?

CVE-2018-25007 has a CVSS v3 score of 2.6 (LOW).

CVE-2018-25007

Name: vaadin
Author: vaadin

2.6LOW

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values

Publicado: 4/23/2021Atualizado: 11/21/2024

Descrição

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message.

Análise IADesenvolvido por IA

Produtos Afetados

vaadinflow

vaadinvaadin

Referências

https://github.com/vaadin/flow/pull/4774
PatchThird Party Advisory
https://vaadin.com/security/cve-2018-25007
Vendor Advisory
https://github.com/vaadin/flow/pull/4774
PatchThird Party Advisory
https://vaadin.com/security/cve-2018-25007
Vendor Advisory