Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 before 2.0.0 (Vaadin 12.0.0 before 14.0.0), 2.0.0 before 3.0.0 (Vaadin 14.0.0 before 14.5.0), 3.0.0 up to and including 4.0.1 (Vaadin 15.0.0 up to and including 17.0.11), 14.5.0 up to and including 14.6.7 (Vaadin 14.5.0 up to and including 14.6.7), and 18.0.0 up to and including 20.0.5 (Vaadin 18.0.0 up to and including 20.0.5) allows malicious users to modify the value of a disabled Checkbox inside enabled CheckboxGroup component via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vaadin vaadin-checkbox-flow |