| Title | Severity | Exploit | Date | Affected Version |
|---|---|---|---|---|
| CVE-2021-31403 | Low | | Apr 23, 2021 | >= 7.0.0 < 7.7.24; >= 8.0.0 < 8.12.3 |
| CVE-2019-25028 | Medium | | Apr 23, 2021 | >= 7.4.0 < 7.7.20; >= 8.0.0 < 8.8.5 |
| Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 | Low | | Apr 19, 2021 | >= 10.0.0 < 10.0.8; >= 11.0.0 < 11.0.3 |
| Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13 | Medium | | Apr 19, 2021 | >= 10.0.0 < 10.0.14; >= 11.0.0 < 13.0.6 |
| Potential sensitive data exposure in applications using Vaadin 15 | Low | | Apr 19, 2021 | >= 15.0.0 < 15.0.5 |
| Directory traversal in development mode handler in Vaadin 14 and 15-17 | Medium | | Apr 19, 2021 | >= 14.0.0 < 14.4.3; >= 15.0.0 < 18.0.0 |
| Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 | Medium | | Apr 19, 2021 | >= 10.0.0 < 10.0.17; >= 11.0.0 < 14.4.7; >= 15.0.0 < 18.0.6 |
| Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 | Medium | | Apr 19, 2021 | == 19.0.0; >= 19.0.0 < 19.0.1; >= 15.0.0 < 18.0.7 |
| Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19 | High | | Apr 19, 2021 | >= 12.0.0 < 14.4.10; == 19.0.0; >= 19.0.0 < 19.0.1 |