Description
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, and 24.1.0.alpha1 to 24.1.0.rc2: sending modified requests can cause RPC responses to disclose class and method names.
Remediation
References
https://github.com/vaadin/flow/pull/16935
https://vaadin.com/security/cve-2023-25500