CVE-2018-25007
2.6LOWMissing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values
Опубликовано: 4/23/2021Обновлено: 11/21/2024
Описание
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message.
ИИ-АнализНа базе ИИ
Затронутые продукты
vaadinflow
vaadinvaadin
vaadinvaadin
Ссылки
- https://github.com/vaadin/flow/pull/4774PatchThird Party Advisory
- https://vaadin.com/security/cve-2018-25007Vendor Advisory
- https://github.com/vaadin/flow/pull/4774PatchThird Party Advisory
- https://vaadin.com/security/cve-2018-25007Vendor Advisory