"TITLE": "Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11",
13
+
"AKA": "",
14
+
"STATE": "PUBLIC"
15
+
},
16
+
"source": {
17
+
"defect": [],
18
+
"advisory": "",
19
+
"discovery": "INTERNAL"
20
+
},
21
+
"affects": {
22
+
"vendor": {
23
+
"vendor_data": [
24
+
{
25
+
"vendor_name": "Vaadin",
26
+
"product": {
27
+
"product_data": [
28
+
{
29
+
"product_name": "Vaadin",
30
+
"version": {
31
+
"version_data": [
32
+
{
33
+
"version_name": "",
34
+
"version_affected": ">=",
35
+
"version_value": "10.0.0",
36
+
"platform": ""
37
+
},
38
+
{
39
+
"version_name": "",
40
+
"version_affected": "<=",
41
+
"version_value": "10.0.7",
42
+
"platform": ""
43
+
},
44
+
{
45
+
"version_name": "",
46
+
"version_affected": ">=",
47
+
"version_value": "11.0.0",
48
+
"platform": ""
49
+
},
50
+
{
51
+
"version_name": "",
52
+
"version_affected": "<=",
53
+
"version_value": "11.0.2",
54
+
"platform": ""
55
+
}
56
+
]
57
+
}
58
+
},
59
+
{
60
+
"product_name": "flow-server",
61
+
"version": {
62
+
"version_data": [
63
+
{
64
+
"version_name": "",
65
+
"version_affected": ">=",
66
+
"version_value": "1.0.0",
67
+
"platform": ""
68
+
},
69
+
{
70
+
"version_name": "",
71
+
"version_affected": "<=",
72
+
"version_value": "1.0.5",
73
+
"platform": ""
74
+
}
75
+
]
76
+
}
77
+
}
78
+
]
55
79
}
56
-
]
57
80
}
58
-
},
59
-
{
60
-
"product_name": "flow-server",
61
-
"version": {
62
-
"version_data": [
63
-
{
64
-
"version_name": "",
65
-
"version_affected": ">=",
66
-
"version_value": "1.0.0",
67
-
"platform": ""
68
-
},
69
-
{
70
-
"version_name": "",
71
-
"version_affected": "<=",
72
-
"version_value": "1.0.5",
73
-
"platform": ""
74
-
}
75
-
]
76
-
}
77
-
}
78
81
]
79
-
}
80
82
}
81
-
]
82
-
}
83
-
},
84
-
"problemtype": {
85
-
"problemtype_data": [
86
-
{
87
-
"description": [
88
-
{
89
-
"lang": "eng",
90
-
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
91
-
}
83
+
},
84
+
"problemtype": {
85
+
"problemtype_data": [
86
+
{
87
+
"description": [
88
+
{
89
+
"lang": "eng",
90
+
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
91
+
}
92
+
]
93
+
}
92
94
]
93
-
}
94
-
]
95
-
},
96
-
"description": {
97
-
"description_data": [
98
-
{
99
-
"lang": "eng",
100
-
"value": "Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message."
"value": "Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message."