Description
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
Remediation
References
https://github.com/vaadin/flow/pull/16935
https://vaadin.com/security/cve-2023-25500
Related Vulnerabilities
CVE-2018-14720 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2023-29212 Vulnerability in maven package org.xwiki.platform:xwiki-platform-panels-ui
CVE-2020-8131 Vulnerability in maven package org.webjars.npm:yarn
CVE-2023-46131 Vulnerability in maven package org.grails:grails-databinding
CVE-2023-49735 Vulnerability in maven package org.apache.tiles:tiles-core