GHSA-rjww-2x8v-m9v9

Source

https://github.com/advisories/GHSA-rjww-2x8v-m9v9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-rjww-2x8v-m9v9/GHSA-rjww-2x8v-m9v9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rjww-2x8v-m9v9

Aliases

CVE-2020-36319

Published

2021-04-19T14:52:14Z

Modified

2023-11-08T04:03:43.378053Z

Severity

3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Potential sensitive data exposure in applications using Vaadin 15

Details

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestController

https://vaadin.com/security/cve-2020-36319

Database specific

{
    "nvd_published_at": "2021-04-23T16:15:00Z",
    "github_reviewed_at": "2021-04-16T23:16:31Z",
    "severity": "LOW",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200",
        "CWE-668"
    ]
}

References

Affected packages

Maven / com.vaadin:flow-server

Package

Name: com.vaadin:flow-server; View open source insights on deps.dev
Purl: pkg:maven/com.vaadin/flow-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.0.6

Affected versions

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5