CVE-2021-33604
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-33604
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33604.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-33604
- Aliases
- Published
- 2021-06-24T12:15:08Z
- Modified
- 2024-09-03T03:50:16.788697Z
- Severity
-
- 2.5 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser.
- References
Affected packages
Git / github.com/vaadin/platform
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vaadin/platform
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affected
- Type
- GIT
- Repo
- https://github.com/vaadin/vaadin
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affected
Affected versions
14.*
14.0.0
14.0.1
14.0.2
14.1.0
14.1.0.alpha1
14.1.0.alpha3
14.1.0.beta1
14.1.0.beta2
14.1.1
14.1.2
14.2.0
14.2.0.alpha1
14.2.0.alpha10
14.2.0.alpha11
14.2.0.alpha2
14.2.0.alpha3
14.2.0.alpha4
14.2.0.alpha5
14.2.0.alpha6
14.2.0.alpha7
14.2.0.alpha8
14.2.0.alpha9
14.2.0.beta1
14.2.0.rc1
14.3.0
14.3.0.alpha1
14.3.0.beta1
14.3.0.beta2
14.3.0.beta3
14.3.0.rc1
14.4.0
14.4.0.alpha1
14.4.0.beta1
14.4.0.beta2
14.4.0.rc1
14.5.0.alpha1
14.5.0.alpha2
14.5.0.alpha3
14.5.0.beta1
14.5.0.rc1
14.6.0
14.6.0.alpha1
14.6.0.alpha2
14.6.0.beta1
14.6.0.beta2
14.6.0.rc1
14.6.1
15.*
15.0.0
15.0.0.rc1
16.*
16.0.0.alpha1
16.0.0.alpha2
16.0.0.alpha3
16.0.1
17.*
17.0.0
17.0.0.alpha2
17.0.0.alpha3
17.0.0.alpha4
17.0.0.alpha5
17.0.0.alpha6
17.0.0.alpha7
17.0.0.beta1
17.0.0.beta2
17.0.0.beta3
17.0.0.rc1
17.0.0.rc2
18.*
18.0.0
18.0.0.alpha1
18.0.0.beta1
18.0.0.beta2
18.0.0.beta3
18.0.0.rc1
18.0.0.rc2
19.*
19.0.0
19.0.0.alpha1
19.0.0.alpha2
19.0.0.alpha3
19.0.0.alpha4
19.0.0.alpha5
19.0.0.beta1
19.0.0.beta2
19.0.0.beta3
19.0.0.rc1
19.0.1
19.0.2
19.0.3
19.0.4
19.0.5
19.0.6
19.0.7
19.0.8
v14.*
v14.0.0
v14.0.1
v14.0.2
v14.1.0
v14.1.0-alpha1
v14.1.0-alpha2
v14.1.0-alpha3
v14.1.0-alpha4
v14.1.0-alpha5
v14.1.0-beta1
v14.1.0-beta2
v14.1.0-beta3
v14.1.0-rc1
v14.1.1
v14.1.2
v14.2.0
v14.2.0-alpha1
v14.2.0-alpha10
v14.2.0-alpha11
v14.2.0-alpha2
v14.2.0-alpha3
v14.2.0-alpha4
v14.2.0-alpha5
v14.2.0-alpha6
v14.2.0-alpha7
v14.2.0-alpha8
v14.2.0-alpha9
v14.2.0-beta1
v14.2.0-rc1
v14.3.0
v14.3.0-alpha1
v14.3.0-beta1
v14.3.0-beta2
v14.3.0-beta3
v14.3.0-rc1
v14.4.0
v14.4.0-alpha1
v14.4.0-beta1
v14.4.0-beta2
v14.4.0-rc1
v14.5.0-alpha1
v14.5.0-alpha2
v14.5.0-alpha3
v14.5.0-beta1
v14.5.0-rc1
v14.6.0
v14.6.0-alpha1
v14.6.0-alpha2
v14.6.0-beta1
v14.6.0-beta2
v14.6.0-rc1
v14.6.1
v15.*
v15.0.0-alpha1
v15.0.0-alpha10
v15.0.0-alpha11
v15.0.0-alpha12
v15.0.0-alpha13
v15.0.0-alpha14
v15.0.0-alpha15
v15.0.0-alpha2
v15.0.0-alpha3
v15.0.0-alpha4
v15.0.0-alpha5
v15.0.0-alpha6
v15.0.0-alpha7
v15.0.0-alpha8
v15.0.0-alpha9
v15.0.0-beta1
v15.0.0-beta2
v15.0.0-beta3
v15.0.0-beta4
v15.0.0-beta5
v15.0.0-rc1
v16.*
v16.0.0-alpha1
v16.0.0-alpha2
v16.0.0-alpha3
v17.*
v17.0.0
v17.0.0-alpha1
v17.0.0-alpha2
v17.0.0-alpha3
v17.0.0-alpha4
v17.0.0-alpha5
v17.0.0-alpha6
v17.0.0-alpha7
v17.0.0-beta1
v17.0.0-beta2
v17.0.0-beta3
v17.0.0-rc1
v17.0.0-rc2
v18.*
v18.0.0
v18.0.0-alpha1
v18.0.0-beta1
v18.0.0-beta2
v18.0.0-beta3
v18.0.0-rc1
v18.0.0-rc2
v19.*
v19.0.0
v19.0.1
v19.0.2
v19.0.3
v19.0.4
v19.0.5
v19.0.6
v19.0.7
v19.0.8