Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 up to and including 2.4.1 (Vaadin 14.0.0 up to and including 14.4.2), and 3.0 before 5.0 (Vaadin 15 before 18) allows malicious user to request arbitrary files stored outside of intended frontend resources folder.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vaadin flow |
||
vaadin vaadin |