CVE-2023-25500

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-25500

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25500.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-25500

Aliases

GHSA-ch48-9r3q-pv7x

Published

2023-06-22T13:15:09Z

Modified

2024-09-03T04:24:58.330303Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.

References

Affected packages

Git / github.com/vaadin/platform

Affected ranges

Type: GIT
Repo: https://github.com/vaadin/platform
Events: Introduced

8e1b5f1a3f9bb984108d172f19d4d2df4a1987f5

Fixed

e197c9425d8ce8a0c0a9048ca8ac68e75c4950aa

Type: GIT
Repo: https://github.com/vaadin/vaadin
Events: Introduced

a45cc881358732b3d594b20750f1369a65d7237a

Fixed

03387857d07c47bb9199909d3cd38ac4f4628b64

Affected versions

10.*

10.0.0

10.0.1

10.0.10

10.0.11

10.0.12

10.0.13

10.0.14

10.0.15

10.0.16

10.0.17

10.0.18

10.0.19

10.0.2

10.0.20

10.0.21

10.0.22

10.0.3

10.0.4

10.0.5

10.0.6

10.0.7

10.0.8

10.0.9

v24.*

v24.0.0

v24.0.1

v24.0.2

v24.0.3

v24.0.4

v24.0.5

v24.0.6