CVE-2019-25027
- Source
- https://cve.org/CVERecord?id=CVE-2019-25027
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25027.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-25027
- Aliases
- Published
- 2021-04-23T16:15:07.987Z
- Modified
- 2026-02-22T01:28:56.599985Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL
- References
Affected packages
Git / github.com/vaadin/flow
Affected versions
1.*
1.0.0
1.0.1
1.0.10
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.1.0.alpha1
1.1.0.alpha2
1.1.0.alpha3
1.1.0.beta1
1.1.0.beta2
1.1.0.beta3
1.1.0.beta4
1.2.0
1.2.0.alpha1
1.2.0.beta1
1.2.0.beta2
1.3.0
1.3.0.beta1
1.3.0.beta2
1.4.0
1.4.1
1.4.2
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25027.json"
vanir_signatures
[
{
"id": "CVE-2019-25027-724dc12d",
"target": {
"file": "flow-server/src/main/java/com/vaadin/flow/component/UI.java"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/vaadin/flow/commit/96ebe74d7819acea6bf720ad39af1d12132a8956",
"digest": {
"threshold": 0.9,
"line_hashes": [
"261953307091429512020813919124974003204",
"329533054537719354414092760958815002704",
"313930173888583270381484067923183456160",
"162146791431649347363597301744334728147",
"242797645317436500196535946665471567281",
"286910172304206219900340701977937062437",
"278181443505157423786147500441283476047",
"303837510556439872409158675732397683248",
"153768064545624599271116704130548139556",
"109483147727043905708274744426371902544",
"259870548858588817648333372768790484811",
"325017224019585151779266844960186116358",
"106226419683089484003885099097620599339",
"329760685973920828001511732786776132401",
"158446089771610535504004077417513645932",
"278220728157201837614615789759340673763",
"124408381347879013080958365972561941930",
"154785131295333403489954052243911469192",
"135046169291699858826297569535737011561"
]
},
"signature_type": "Line"
}
]
Git / github.com/vaadin/platform
Affected versions
10.*
10.0.0
10.0.1
10.0.10
10.0.11
10.0.12
10.0.13
10.0.2
10.0.3
10.0.4
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9
11.*
11.0.0.alpha1
11.0.0.beta1
12.*
12.0.0.alpha1
12.0.0.alpha2
12.0.0.alpha3
12.0.0.alpha4
12.0.0.alpha5
12.0.0.beta1
12.0.0.beta2
13.*
13.0.0
13.0.0.alpha1
13.0.0.alpha2
13.0.0.alpha3
13.0.0.alpha4
13.0.0.beta1
13.0.0.beta2
13.0.0.beta3
13.0.1
13.0.2
13.0.3
13.0.4
13.0.5
Git / github.com/vaadin/vaadin
Affected versions
v10.*
v10.0.0
v10.0.1
v10.0.10
v10.0.11
v10.0.12
v10.0.13
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v10.0.6
v10.0.7
v10.0.8
v10.0.9
v11.*
v11.0.0-alpha1
v11.0.0-beta1
v12.*
v12.0.0
v12.0.0-alpha1
v12.0.0-alpha2
v12.0.0-alpha3
v12.0.0-alpha4
v12.0.0-alpha5
v12.0.0-beta1
v12.0.0-beta2
v12.0.1
v12.0.2
v13.*
v13.0.0
v13.0.0-alpha1
v13.0.0-alpha2
v13.0.0-alpha3
v13.0.0-alpha4
v13.0.0-beta1
v13.0.0-beta2
v13.0.0-beta3
v13.0.1
v13.0.2
v13.0.3
v13.0.4
v13.0.5