CVE-2018-25007

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*
cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*
cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:03

Type Values Removed Values Added
CVSS v2 : 4.0
v3 : 4.3
v2 : 4.0
v3 : 2.6
References () https://github.com/vaadin/flow/pull/4774 - Patch, Third Party Advisory () https://github.com/vaadin/flow/pull/4774 - Patch, Third Party Advisory
References () https://vaadin.com/security/cve-2018-25007 - Vendor Advisory () https://vaadin.com/security/cve-2018-25007 - Vendor Advisory

Information

Published : 2021-04-23 16:15

Updated : 2024-11-21 04:03


NVD link : CVE-2018-25007

Mitre link : CVE-2018-25007

CVE.ORG link : CVE-2018-25007


JSON object : View

Products Affected

vaadin

  • flow
  • vaadin
CWE
CWE-754

Improper Check for Unusual or Exceptional Conditions