CVE-2023-25499

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-25499

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25499.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-25499

Aliases

GHSA-5f9v-mv5g-jh5q

Published

2023-06-22T13:15:09Z

Modified

2024-09-03T04:24:57.721583Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.

References

Affected packages

Git / github.com/vaadin/platform

Affected ranges

Type: GIT
Repo: https://github.com/vaadin/platform
Events: Introduced

8e1b5f1a3f9bb984108d172f19d4d2df4a1987f5

Fixed

e197c9425d8ce8a0c0a9048ca8ac68e75c4950aa

Type: GIT
Repo: https://github.com/vaadin/vaadin
Events: Introduced

a45cc881358732b3d594b20750f1369a65d7237a

Fixed

7e7de81e736b39082b08da388f8f6bd99ceee451

Affected versions

10.*

10.0.0

10.0.1

10.0.10

10.0.11

10.0.12

10.0.13

10.0.14

10.0.15

10.0.16

10.0.17

10.0.18

10.0.19

10.0.2

10.0.20

10.0.21

10.0.22

10.0.3

10.0.4

10.0.5

10.0.6

10.0.7

10.0.8

10.0.9

v24.*

v24.0.0

v24.0.1

v24.0.2

v24.0.3

v24.0.4

v24.0.5