Description
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, and 24.1.0.alpha1 to 24.1.0.rc2: sending modified requests may cause class and method names to be disclosed in RPC responses.
Remediation
References
https://github.com/vaadin/flow/pull/16935
https://vaadin.com/security/cve-2023-25500