Description
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
Remediation
References
https://github.com/vaadin/flow/pull/16935
https://vaadin.com/security/cve-2023-25500
Related Vulnerabilities
CVE-2022-31089 Vulnerability in npm package parse-server
CVE-2023-29206 Vulnerability in maven package org.xwiki.platform:xwiki-platform-skin-skinx
CVE-2023-29471 Vulnerability in maven package com.typesafe.akka:akka-stream-kafka_3
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-elasticsearch
CVE-2022-24785 Vulnerability in maven package org.fujion.webjars:moment