WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-33604 Vulnerability in maven package com.vaadin:flow-server

Description

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser.

Remediation

References

https://vaadin.com/security/cve-2021-33604

https://github.com/vaadin/flow/pull/11099

Related Vulnerabilities

CVE-2023-24428 Vulnerability in maven package org.jenkins-ci.plugins:bitbucket-oauth

CVE-2016-0760 Vulnerability in maven package org.apache.sentry:sentry-binding-hive

CVE-2023-24455 Vulnerability in maven package io.jenkins.plugins:visualexpert

CVE-2022-2063 Vulnerability in npm package nocodb

CVE-2022-39387 Vulnerability in maven package org.xwiki.contrib.oidc:oidc-authenticator

Severity

Low

Classification

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Vendor Advisory Patch Third Party Advisory NVD-CWE-Other