← voltar
CVE-2023-25500

CVE-2023-25500

CVSS 3.5 LOWEPSS 0.5%CWE-200
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Produtos afetados
flow · flow-servervaadin · vaadin

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/vaadin/flow/pull/16935https://vaadin.com/security/cve-2023-25500