Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
References
Link | Resource |
---|---|
https://github.com/vaadin/flow/pull/16935 | Patch |
https://vaadin.com/security/cve-2023-25500 | Vendor Advisory |
https://github.com/vaadin/flow/pull/16935 | Patch |
https://vaadin.com/security/cve-2023-25500 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:49
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.5 |
References | () https://github.com/vaadin/flow/pull/16935 - Patch | |
References | () https://vaadin.com/security/cve-2023-25500 - Vendor Advisory |
30 Jun 2023, 16:32
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-22 13:15
Updated : 2024-11-21 07:49
NVD link : CVE-2023-25500
Mitre link : CVE-2023-25500
CVE.ORG link : CVE-2023-25500
JSON object : View
Products Affected
vaadin
- vaadin
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor