GHSA-qcc4-3rxf-gf4m

Source

https://github.com/advisories/GHSA-qcc4-3rxf-gf4m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-qcc4-3rxf-gf4m/GHSA-qcc4-3rxf-gf4m.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qcc4-3rxf-gf4m

Aliases

CVE-2021-33605

Published

2021-08-30T16:16:38Z

Modified

2023-11-08T04:06:05.804479Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20

Details

Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.6.7 (Vaadin 14.5.0 through 14.6.7), and 18.0.0 through 20.0.5 (Vaadin 18.0.0 through 20.0.5) allows attackers to modify the value of a disabled Checkbox inside enabled CheckboxGroup component via unspecified vectors.

https://vaadin.com/security/cve-2021-33605

Database specific

{
    "nvd_published_at": "2021-08-25T13:15:00Z",
    "github_reviewed_at": "2021-08-25T16:15:42Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-754"
    ]
}

References

Affected packages

Maven / com.vaadin:vaadin-checkbox-flow

Package

Name: com.vaadin:vaadin-checkbox-flow; View open source insights on deps.dev
Purl: pkg:maven/com.vaadin/vaadin-checkbox-flow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12.0.0

Fixed

14.6.8

Affected versions

14.*

14.5.0

14.5.1

14.5.2

14.5.3

14.5.4

14.5.5

14.6.0

14.6.1

14.6.2

14.6.3

14.6.4

14.6.5

14.6.6

14.6.7

Maven / com.vaadin:vaadin-checkbox-flow

Package

Name: com.vaadin:vaadin-checkbox-flow; View open source insights on deps.dev
Purl: pkg:maven/com.vaadin/vaadin-checkbox-flow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15.0.0

Fixed

20.0.6

Affected versions

18.*

18.0.0

18.0.1

18.0.2

18.0.3

18.0.4

18.0.5

18.0.6

18.0.7

19.*

19.0.0

19.0.1

19.0.2

19.0.3

19.0.4

19.0.5

19.0.6

19.0.7

19.0.8

19.0.9

20.*

20.0.0

20.0.1

20.0.2

20.0.3

20.0.4

20.0.5