A missing check in the UIDL request handler in com.vaadin:flow-server versions 1.0.0 up to and including 1.0.5 (Vaadin 10.0.0 up to and including 10.0.7, and 11.0.0 up to and including 11.0.2) allows a malicious user to update element property values via a crafted synchronization message.
Vulnerable Product |
---|
vaadin flow |
vaadin vaadin |