Headline
GHSA-ch48-9r3q-pv7x: Vaadin vulnerable to possible information disclosure of class and method names in RPC response
Description
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
https://vaadin.com/security/cve-2023-25500
Package
maven com.vaadin:flow-server (Maven)
Affected versions
>= 1.0.0, < 1.0.21
>= 1.1.0, < 2.9.3
>= 3.0.0, < 9.1.2
>= 23.0.0, < 23.3.13
>= 24.0.0, < 24.0.9
>= 24.1.alpha1, < 24.1.0
Patched versions
1.0.21
2.9.3
9.1.2
23.3.13
24.0.9
24.1.0
maven com.vaadin:vaadin (Maven)
>= 10.0.0, < 10.0.24
>= 11.0.0, < 14.10.2
>= 15.0.0, < 22.1.0
>= 23.0.0, < 23.3.14
>= 24.0.0, < 24.0.7
>= 24.1.0.alpha1, < 24.1.0
10.0.24
14.10.2
22.1.0
23.3.14
24.0.7
24.1.0
Description
Published to the GitHub Advisory Database
Jun 22, 2023
Last updated
Jun 22, 2023
Related news
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in a potential information disclosure of class and method names in RPC responses by sending modified requests.