Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 up to and including 2.4.7 (Vaadin 12.0.0 up to and including 14.4.9), and 6.0.0 up to and including 6.0.1 (Vaadin 19.0.0) allows malicious user to access application classes and resources on the server via crafted HTTP request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vaadin flow |
||
vaadin vaadin 19.0.0 |
||
vaadin vaadin |