Description
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestController
Remediation
References
https://github.com/vaadin/flow/pull/8051
https://github.com/vaadin/flow/pull/8016
https://vaadin.com/security/cve-2020-36319
Related Vulnerabilities
CVE-2022-25852 Vulnerability in npm package libpq
CVE-2020-7652 Vulnerability in npm package snyk-broker
CVE-2021-21369 Vulnerability in maven package org.hyperledger.besu:plugin-api
CVE-2021-40369 Vulnerability in maven package org.apache.jspwiki:jspwiki-main
CVE-2014-7810 Vulnerability in maven package org.apache.tomcat:jasper