GHSA-76f4-fw33-6j2v

Source

https://github.com/advisories/GHSA-76f4-fw33-6j2v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-76f4-fw33-6j2v/GHSA-76f4-fw33-6j2v.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-76f4-fw33-6j2v

Published

2021-04-19T14:48:26Z

Modified

2024-12-02T05:26:03.528Z

Severity

3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Potential sensitive data exposure in applications using Vaadin 15

Details

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestController

https://vaadin.com/security/cve-2020-36319

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-16T23:14:31Z"
}

References

Affected packages

Maven / com.vaadin:vaadin-bom

Package

Name: com.vaadin:vaadin-bom; View open source insights on deps.dev
Purl: pkg:maven/com.vaadin/vaadin-bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15.0.0

Fixed

15.0.5

Affected versions

15.*

15.0.0

15.0.1

15.0.2

15.0.3

15.0.4