GHSA-ch48-9r3q-pv7x

Source
https://github.com/advisories/GHSA-ch48-9r3q-pv7x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-ch48-9r3q-pv7x/GHSA-ch48-9r3q-pv7x.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-ch48-9r3q-pv7x
Aliases
Published
2023-06-22T20:01:03Z
Modified
2024-02-16T08:21:06.374976Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Summary
Vaadin vulnerable to possible information disclosure of class and method names in RPC response
Details

Description

Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, and 24.1.0.alpha1 to 24.1.0.rc2: sending modified requests can cause class and method names to be disclosed in RPC responses.

https://vaadin.com/security/cve-2023-25500

Database specific
{
    "nvd_published_at": "2023-06-22T13:15:09Z",
    "cwe_ids": [
        "CWE-1295",
        "CWE-200"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-22T20:01:03Z"
}
References

Affected packages

Maven / com.vaadin:flow-server

Package

Name
com.vaadin:flow-server
Purl
pkg:maven/com.vaadin/flow-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.0.21

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20

Maven / com.vaadin:flow-server

Package

Name
com.vaadin:flow-server
Purl
pkg:maven/com.vaadin/flow-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.1.0
Fixed
2.9.3

Affected versions

1.*

1.1.0
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.3.0
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.1.0.beta2
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0.alpha11
2.2.0
2.2.1
2.2.2
2.2.3
2.3.0.beta1
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9
2.7.10
2.7.11
2.7.12
2.7.13
2.7.14
2.7.15
2.7.16
2.7.17
2.7.18
2.7.19
2.7.20
2.7.21
2.7.22
2.7.23
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.8.8
2.8.9
2.8.10
2.8.11
2.9.0
2.9.1
2.9.2

Maven / com.vaadin:flow-server

Package

Name
com.vaadin:flow-server
Purl
pkg:maven/com.vaadin/flow-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
9.1.2

Affected versions

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.1.0
3.1.1
3.1.2
3.1.3
3.1.5
3.1.6
3.1.7

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8

5.*

5.0.0
5.0.1
5.0.2
5.0.3
5.0.4

6.*

6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.0.10

7.*

7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7
7.0.8
7.0.9

8.*

8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5

9.*

9.0.0
9.0.1
9.0.2
9.0.3
9.0.4
9.0.5
9.0.6
9.0.7
9.0.8
9.0.9
9.0.10
9.0.11
9.0.12
9.0.13
9.0.14
9.0.15
9.0.16
9.0.17
9.0.18
9.0.19
9.0.20
9.0.21
9.0.22
9.0.23
9.0.24
9.0.25
9.0.26
9.1.0
9.1.1

Maven / com.vaadin:flow-server

Package

Name
com.vaadin:flow-server
Purl
pkg:maven/com.vaadin/flow-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
23.0.0
Fixed
23.3.13

Affected versions

23.*

23.0.0
23.0.1
23.0.2
23.0.3
23.0.4
23.0.5
23.0.6
23.0.7
23.0.8
23.0.9
23.0.10
23.0.11
23.0.12
23.0.13
23.0.14
23.1.0
23.1.1
23.1.2
23.1.3
23.1.4
23.1.5
23.1.6
23.1.7
23.1.8
23.1.9
23.1.10
23.1.11
23.1.12
23.2.0
23.2.1
23.2.2
23.2.3
23.2.4
23.2.5
23.2.6
23.2.7
23.2.8
23.2.9
23.2.10
23.2.11
23.3.0
23.3.1
23.3.2
23.3.3
23.3.4
23.3.5
23.3.6
23.3.7
23.3.8
23.3.9
23.3.10
23.3.11
23.3.12

Maven / com.vaadin:flow-server

Package

Name
com.vaadin:flow-server
Purl
pkg:maven/com.vaadin/flow-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
24.0.0
Fixed
24.0.9

Affected versions

24.*

24.0.0
24.0.1
24.0.2
24.0.3
24.0.4
24.0.5
24.0.6
24.0.7
24.0.8

Maven / com.vaadin:flow-server

Package

Name
com.vaadin:flow-server
Purl
pkg:maven/com.vaadin/flow-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
24.1.alpha1
Fixed
24.1.0

Maven / com.vaadin:vaadin

Package

Name
com.vaadin:vaadin
Purl
pkg:maven/com.vaadin/vaadin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10.0.0
Fixed
10.0.24

Affected versions

10.*

10.0.0
10.0.1
10.0.2
10.0.3
10.0.4
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9
10.0.10
10.0.11
10.0.12
10.0.13
10.0.14
10.0.15
10.0.16
10.0.17
10.0.18
10.0.19
10.0.20
10.0.21
10.0.22
10.0.23

Maven / com.vaadin:vaadin

Package

Name
com.vaadin:vaadin
Purl
pkg:maven/com.vaadin/vaadin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11.0.0
Fixed
14.10.2

Affected versions

11.*

11.0.0
11.0.1
11.0.2
11.0.3
11.0.4

12.*

12.0.0
12.0.1
12.0.2
12.0.3
12.0.4
12.0.5
12.0.6
12.0.7

13.*

13.0.0
13.0.1
13.0.2
13.0.3
13.0.4
13.0.5
13.0.6
13.0.7
13.0.8
13.0.9
13.0.10
13.0.11
13.0.12
13.0.13

14.*

14.0.0
14.0.1
14.0.2
14.0.3
14.0.4
14.0.5
14.0.6
14.0.7
14.0.8
14.0.9
14.0.10
14.0.11
14.0.12
14.0.13
14.0.14
14.0.15
14.1.0
14.1.1
14.1.2
14.1.3
14.1.4
14.1.5
14.1.16
14.1.17
14.1.18
14.1.19
14.1.20
14.1.21
14.1.22
14.1.23
14.1.24
14.1.25
14.1.26
14.1.27
14.1.28
14.2.0
14.2.1
14.2.2
14.2.3
14.3.0
14.3.1
14.3.2
14.3.3
14.3.4
14.3.5
14.3.6
14.3.7
14.3.8
14.3.9
14.4.0
14.4.1
14.4.2
14.4.3
14.4.4
14.4.5
14.4.6
14.4.7
14.4.8
14.4.9
14.4.10
14.5.0
14.5.1
14.5.2
14.5.3
14.5.4
14.5.5
14.6.0
14.6.1
14.6.2
14.6.3
14.6.4
14.6.5
14.6.6
14.6.7
14.6.8
14.6.9
14.7.0
14.7.1
14.7.2
14.7.3
14.7.4
14.7.5
14.7.6
14.7.7
14.7.8
14.8.0
14.8.1
14.8.2
14.8.3
14.8.4
14.8.5
14.8.6
14.8.7
14.8.8
14.8.9
14.8.10
14.8.11
14.8.12
14.8.13
14.8.14
14.8.15
14.8.16
14.8.17
14.8.18
14.8.19
14.8.20
14.9.0
14.9.1
14.9.2
14.9.3
14.9.4
14.9.5
14.9.6
14.9.7
14.9.8
14.10.0
14.10.1

Maven / com.vaadin:vaadin

Package

Name
com.vaadin:vaadin
Purl
pkg:maven/com.vaadin/vaadin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15.0.0
Fixed
22.1.0

Affected versions

15.*

15.0.0
15.0.1
15.0.2
15.0.3
15.0.4
15.0.5
15.0.6

16.*

16.0.0
16.0.1
16.0.2
16.0.3
16.0.4
16.0.5

17.*

17.0.0
17.0.1
17.0.2
17.0.3
17.0.4
17.0.6
17.0.7
17.0.8
17.0.9
17.0.10
17.0.11

18.*

18.0.0
18.0.1
18.0.2
18.0.3
18.0.4
18.0.5
18.0.6
18.0.7

19.*

19.0.0
19.0.1
19.0.2
19.0.3
19.0.4
19.0.5
19.0.6
19.0.7
19.0.8
19.0.9

20.*

20.0.0
20.0.1
20.0.2
20.0.3
20.0.4
20.0.5
20.0.6
20.0.7
20.0.8

21.*

21.0.0
21.0.1
21.0.2
21.0.3
21.0.4
21.0.5
21.0.6
21.0.7
21.0.8
21.0.9

22.*

22.0.0
22.0.1
22.0.2
22.0.3
22.0.4
22.0.5
22.0.6
22.0.7
22.0.8
22.0.9
22.0.10
22.0.11
22.0.12
22.0.13
22.0.14
22.0.15
22.0.16
22.0.17
22.0.18
22.0.20
22.0.21
22.0.22
22.0.23
22.0.24
22.0.25
22.0.26
22.0.27
22.0.28

Maven / com.vaadin:vaadin

Package

Name
com.vaadin:vaadin
Purl
pkg:maven/com.vaadin/vaadin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
23.0.0
Fixed
23.3.14

Affected versions

23.*

23.0.0
23.0.1
23.0.2
23.0.3
23.0.4
23.0.5
23.0.6
23.0.7
23.0.8
23.0.9
23.0.10
23.0.11
23.0.12
23.0.13
23.0.14
23.0.15
23.0.16
23.1.0
23.1.1
23.1.2
23.1.3
23.1.4
23.1.6
23.1.7
23.1.8
23.1.9
23.1.10
23.1.11
23.1.12
23.1.13
23.1.14
23.1.15
23.1.16
23.1.17
23.2.0
23.2.1
23.2.2
23.2.3
23.2.4
23.2.5
23.2.6
23.2.7
23.2.8
23.2.9
23.2.10
23.2.11
23.2.12
23.2.13
23.2.14
23.2.15
23.2.16
23.2.17
23.3.0
23.3.1
23.3.2
23.3.3
23.3.4
23.3.5
23.3.6
23.3.7
23.3.8
23.3.9
23.3.10
23.3.11
23.3.12
23.3.13

Maven / com.vaadin:vaadin

Package

Name
com.vaadin:vaadin
Purl
pkg:maven/com.vaadin/vaadin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
24.0.0
Fixed
24.0.7

Affected versions

24.*

24.0.0
24.0.1
24.0.2
24.0.3
24.0.4
24.0.5
24.0.6

Maven / com.vaadin:vaadin

Package

Name
com.vaadin:vaadin
Purl
pkg:maven/com.vaadin/vaadin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
24.1.0.alpha1
Fixed
24.1.0