CVE-2023-25499

Source
https://cve.org/CVERecord?id=CVE-2023-25499
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25499.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-25499
Aliases
Published
2023-06-22T13:15:09.660Z
Modified
2026-04-10T04:56:17.597541Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

When non-visible components are added to the UI on the server side, their content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.

References

Affected packages

Git / github.com/vaadin/vaadin

Affected ranges

Type
GIT
Repo
https://github.com/vaadin/vaadin
Events
Introduced
Fixed
Introduced
Fixed
Introduced
Last affected
Introduced
Fixed
Introduced
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.0.23"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "14.10.1"
        },
        {
            "introduced": "15.0.0"
        },
        {
            "last_affected": "22.0.28"
        },
        {
            "introduced": "23.0.0"
        },
        {
            "fixed": "23.3.13"
        },
        {
            "introduced": "24.0.0"
        },
        {
            "fixed": "24.0.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "24.1.0-alpha1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "24.1.0-alpha2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "24.1.0-alpha3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "24.1.0-alpha4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "24.1.0-alpha5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "24.1.0-alpha6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "24.1.0-beta1"
        }
    ]
}

Affected versions

v10.*
v10.0.0
v10.0.1
v10.0.10
v10.0.11
v10.0.12
v10.0.13
v10.0.14
v10.0.15
v10.0.16
v10.0.17
v10.0.18
v10.0.19
v10.0.2
v10.0.20
v10.0.21
v10.0.22
v10.0.3
v10.0.4
v10.0.5
v10.0.6
v10.0.7
v10.0.8
v10.0.9
v11.*
v11.0.0-alpha1
v11.0.0-beta1
v12.*
v12.0.0
v12.0.0-alpha1
v12.0.0-alpha2
v12.0.0-alpha3
v12.0.0-alpha4
v12.0.0-alpha5
v12.0.0-beta1
v12.0.0-beta2
v12.0.1
v12.0.2
v13.*
v13.0.0
v13.0.0-alpha1
v13.0.0-alpha2
v13.0.0-alpha3
v13.0.0-alpha4
v13.0.0-beta1
v13.0.0-beta2
v13.0.0-beta3
v13.0.1
v14.*
v14.0.0
v14.0.0-alpha1
v14.0.0-alpha2
v14.0.0-alpha3
v14.0.0-alpha4
v14.0.0-beta1
v14.0.0-beta2
v14.0.0-beta3
v14.0.0-rc1
v14.0.0-rc2
v14.0.0-rc3
v14.0.0-rc4
v14.0.0-rc5
v14.0.0-rc6
v14.0.0-rc7
v14.0.0-rc8
v14.0.0-rc9
v14.0.1
v14.0.2
v14.1.0
v14.1.0-alpha1
v14.1.0-alpha2
v14.1.0-alpha3
v14.1.0-alpha4
v14.1.0-alpha5
v14.1.0-beta1
v14.1.0-beta2
v14.1.0-beta3
v14.1.0-rc1
v14.1.1
v14.1.2
v14.10.0
v14.10.0-alpha1
v14.10.0-alpha2
v14.10.0-alpha3
v14.10.0-beta1
v14.2.0
v14.2.0-alpha1
v14.2.0-alpha10
v14.2.0-alpha11
v14.2.0-alpha2
v14.2.0-alpha3
v14.2.0-alpha4
v14.2.0-alpha5
v14.2.0-alpha6
v14.2.0-alpha7
v14.2.0-alpha8
v14.2.0-alpha9
v14.2.0-beta1
v14.2.0-rc1
v14.3.0
v14.3.0-alpha1
v14.3.0-beta1
v14.3.0-beta2
v14.3.0-beta3
v14.3.0-rc1
v14.4.0
v14.4.0-alpha1
v14.4.0-beta1
v14.4.0-beta2
v14.4.0-rc1
v14.5.0-alpha1
v14.5.0-alpha2
v14.5.0-alpha3
v14.5.0-beta1
v14.5.0-rc1
v14.6.0-alpha1
v14.6.0-alpha2
v14.6.0-beta1
v14.6.0-beta2
v14.7.0-alpha1
v14.7.0-alpha2
v14.7.0-alpha3
v14.7.0-beta1
v14.7.0-rc1
v14.8.0
v14.8.0-alpha1
v14.8.0-beta1
v14.8.1
v14.8.10
v14.8.11
v14.8.12
v14.8.13
v14.8.14
v14.8.15
v14.8.16
v14.8.17
v14.8.2
v14.8.3
v14.8.4
v14.8.5
v14.8.6
v14.8.7
v14.8.8
v14.8.9
v14.9.0
v14.9.0-alpha1
v14.9.0-beta1
v14.9.0-rc1
v14.9.1
v14.9.2
v14.9.3
v14.9.4
v15.*
v15.0.0-alpha1
v15.0.0-alpha10
v15.0.0-alpha11
v15.0.0-alpha12
v15.0.0-alpha13
v15.0.0-alpha14
v15.0.0-alpha15
v15.0.0-alpha2
v15.0.0-alpha3
v15.0.0-alpha4
v15.0.0-alpha5
v15.0.0-alpha6
v15.0.0-alpha7
v15.0.0-alpha8
v15.0.0-alpha9
v15.0.0-beta1
v15.0.0-beta2
v15.0.0-beta3
v15.0.0-beta4
v15.0.0-beta5
v15.0.0-rc1
v16.*
v16.0.0-alpha1
v16.0.0-alpha2
v16.0.0-alpha3
v17.*
v17.0.0
v17.0.0-alpha1
v17.0.0-alpha2
v17.0.0-alpha3
v17.0.0-alpha4
v17.0.0-alpha5
v17.0.0-alpha6
v17.0.0-alpha7
v17.0.0-beta1
v17.0.0-beta2
v17.0.0-beta3
v17.0.0-rc1
v17.0.0-rc2
v18.*
v18.0.0-alpha1
v18.0.0-beta1
v18.0.0-beta2
v19.*
v19.0.0-alpha1
v19.0.0-alpha2
v19.0.0-alpha3
v19.0.0-alpha4
v19.0.0-alpha5
v19.0.0-beta1
v19.0.0-beta2
v19.0.0-beta3
v20.*
v20.0.0-alpha1
v20.0.0-alpha2
v20.0.0-alpha3
v20.0.0-alpha4
v20.0.0-alpha5
v20.0.0-alpha6
v20.0.0-alpha7
v20.0.0-alpha8
v21.*
v21.0.0-alpha0
v21.0.0-alpha1
v21.0.0-alpha10
v21.0.0-alpha2
v21.0.0-alpha3
v21.0.0-alpha4
v21.0.0-alpha5
v21.0.0-alpha6
v21.0.0-alpha7
v21.0.0-alpha8
v21.0.0-alpha9
v22.*
v22.0.0
v22.0.0-alpha1
v22.0.0-alpha2
v22.0.0-alpha3
v22.0.0-alpha4
v22.0.0-alpha5
v22.0.0-alpha6
v22.0.0-alpha7
v22.0.0-alpha8
v22.0.0-alpha9
v22.0.0-beta1
v22.0.0-beta2
v22.0.0-beta3
v22.0.0-rc1
v22.0.1
v22.0.10
v22.0.11
v22.0.12
v22.0.13
v22.0.14
v22.0.15
v22.0.16
v22.0.17
v22.0.18
v22.0.2
v22.0.20
v22.0.21
v22.0.22
v22.0.23
v22.0.24
v22.0.25
v22.0.26
v22.0.27
v22.0.28
v22.0.3
v22.0.4
v22.0.5
v22.0.6
v22.0.7
v22.0.8
v22.0.9
v23.*
v23.0.0
v23.1.0-alpha1
v23.1.0-alpha2
v23.1.0-alpha3
v23.1.0-alpha4
v23.1.0-beta1
v23.2.0
v23.2.0-alpha1
v23.2.0-alpha3
v23.2.0-beta1
v23.2.0-beta2
v23.2.0-beta3
v23.2.0-beta4
v23.2.0-rc1
v23.3.0
v23.3.0-alpha1
v23.3.0-alpha2
v23.3.0-alpha3
v23.3.0-beta1
v23.3.0-beta2
v23.3.0-rc1
v23.3.1
v23.3.10
v23.3.11
v23.3.12
v23.3.2
v23.3.3
v23.3.4
v23.3.5
v23.3.6
v23.3.7
v23.3.8
v23.3.9
v24.*
v24.0.0
v24.0.0-alpha10
v24.0.0-alpha2
v24.0.0-alpha4
v24.0.0-alpha5
v24.0.0-alpha6
v24.0.0-alpha7
v24.0.0-alpha8
v24.0.0-alpha9
v24.0.0-beta1
v24.0.1
v24.0.2
v24.0.3
v24.0.4
v24.0.5
v24.1.0-alpha1
v24.1.0-alpha2
v24.1.0-alpha3
v24.1.0-alpha4
v24.1.0-alpha5
v24.1.0-alpha6
v24.1.0-beta1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25499.json"