CVE-2022-29567

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-29567

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29567.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-29567

Aliases

GHSA-qfr3-323w-qv27

Published

2022-05-24T15:15:08Z

Modified

2024-09-03T04:16:47.334038Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side.

References

Affected packages

Git / github.com/vaadin/platform

Affected ranges

Type: GIT
Repo: https://github.com/vaadin/platform
Events: Last affected

0ad2e4b13320ecb540c5ca52db736f589113dacd

Last affected

0b73a5a157b036577d09a9f65559714246ab6e6e

Last affected

1c505b3f9875b925113bed183136d8a357651e34

Last affected

5e22e93635cbaae172c59939441645284029e168

Last affected

76f347ed2c4ad988a62ea5fb87b16e4faef646f8

Introduced

bc402cf899942f74a62993f8e612af466bee056f

Last affected

807b2087b918f43525d5bd443e3608bf86583322

Last affected

97a6e2c3b1d955cc55233f141a61e6bc34fbc9ee

Last affected

a4c9f2cb18bdb24fbffea34e79588ab83dfc7671

Introduced

5430e0a3e45842600792de19a6a6784761c96da4

Last affected

ab17ce191141b2f8bb69e6a7cf4a1db075904c4f

Last affected

d9148ca59e6776a9a19a25f433d7e7d6b128f5cc

Introduced

913a1d49e922efad85dbef6888b18bc011dc5650

Last affected

f2d230ec7a1ba939c7230723fac1089fad2b2006

Last affected

fc60c72ff5837399ab2586c7471c0ebecc0747c8

Type: GIT
Repo: https://github.com/vaadin/vaadin
Events: Introduced

acb11dbc88fa66aaca85c84bdb9158338b0141ca

Last affected

19e688830a7b47ff74857555288733c9df8cef50

Last affected

4d8a44f8340b59947b0dc811f49f95177dac9e37

Last affected

71398ebce2ffe466589ce3e6789f1cea6781931f

Last affected

797a094de8037349b5764a877c1cf070095a443c

Last affected

7c68c2375108234d6cba8121f9511f71e31abf0f

Last affected

9f159ae5656090c2a95dff19294a0b12fc35adad

Last affected

c4e342720c19f3256a0842760604cfacd5c6ef50

Introduced

af8d02bb26203d51353e6d81c7ced532bf88bf68

Last affected

d8f21a82bf0d77712fd5632d45472daf02302ba0

Last affected

d92b2d4097beb33316694c9e2587469e5207e8df

Last affected

e107b1973a390cafc749031e033f37de7b9a4a1f

Last affected

ecba60cf1dd00d8576a506d6bf94cef81c4b23ff

Affected versions

14.*

14.8.5

14.8.6

14.8.7

14.8.8

14.8.9

22.*

22.0.10

22.0.11

22.0.12

22.0.13

22.0.14

22.0.15

22.0.6

22.0.7

22.0.8

22.0.9

23.*

23.0.1

v14.*

v14.8.5

v14.8.6

v14.8.7

v14.8.8

v14.8.9

v23.*

v23.0.1