In its default configuration, a TreeGrid component uses Object::toString as a key in client-side and server communication in Vaadin 14.8.5 up to and including 14.8.9, 22.0.6 up to and including 22.0.14, 23.0.0.beta2 up to and including 23.0.8, and 23.1.0.alpha1 up to and including 23.1.0.alpha4. This results in potential information disclosure of values that should not be available on the client side.
Vulnerable Product |
---|
vaadin vaadin 23.0.0 |
vaadin vaadin |
vaadin vaadin 23.1.0 |
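
The following added example (not Vaadin's code and not part of the original advisory) models the pattern described above in plain Java: row keys derived from `Object::toString` carry every field the bean prints, while opaque keys resolved through a server-side table do not. `Employee`, `OpaqueKeys` and `rowsForClient` are hypothetical names, and the data is constructed.

```java
import java.util.*;
import java.util.function.Function;

public class ToStringKeyDemo {
    // Constructed sample bean: only "name" is meant to be a visible grid column.
    static final class Employee {
        final String name, salaryNote;
        Employee(String name, String salaryNote) { this.name = name; this.salaryNote = salaryNote; }
        // Typical generated toString that dumps every field.
        @Override public String toString() {
            return "Employee{name=" + name + ", salaryNote=" + salaryNote + "}";
        }
    }

    // Hypothetical mapper: opaque keys, with the key -> item table kept on the server.
    static final class OpaqueKeys<T> {
        private final Map<T, String> keys = new IdentityHashMap<>();
        private final Map<String, T> items = new HashMap<>();
        String key(T item) {
            return keys.computeIfAbsent(item, i -> {
                String k = Integer.toString(items.size() + 1);
                items.put(k, i);
                return k;
            });
        }
        T get(String key) { return items.get(key); }
    }

    // Builds the row data that would be serialized and sent to the browser.
    static <T> List<String> rowsForClient(List<T> data, Function<T, String> keyFn,
                                          Function<T, String> column) {
        List<String> rows = new ArrayList<>();
        for (T item : data)
            rows.add("{\"key\":\"" + keyFn.apply(item) + "\",\"col0\":\"" + column.apply(item) + "\"}");
        return rows;
    }

    public static void main(String[] args) {
        List<Employee> data = Arrays.asList(   // constructed sample data
            new Employee("Alice", "CONSTRUCTED-SECRET-1"),
            new Employee("Bob", "CONSTRUCTED-SECRET-2"));
        OpaqueKeys<Employee> mapper = new OpaqueKeys<>();
        List<String> leaky = rowsForClient(data, Object::toString, e -> e.name);
        List<String> opaque = rowsForClient(data, mapper::key, e -> e.name);
        System.out.println("toString keys leak secret: " + leaky.toString().contains("CONSTRUCTED-SECRET"));
        System.out.println("opaque keys leak secret:   " + opaque.toString().contains("CONSTRUCTED-SECRET"));
        System.out.println("key 2 resolves to: " + mapper.get("2").name);
    }
}
```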