Vulnerability	Vulnerable Version
L Debug Messages Revealing Unnecessary Information Affected versions of this package are vulnerable to Debug Messages Revealing Unnecessary Information in `rpc/PublishedServerEventHandlerRpcHandler.java`. Class and method names can be included in RPC responses when processing modified requests. How to fix Debug Messages Revealing Unnecessary Information? Upgrade `com.vaadin:flow-server` to version 1.0.21, 2.9.3, 9.1.2, 23.3.13, 24.0.9, 24.1.0 or higher.	[1.0.0,1.0.21)[1.1.0,2.9.3)[3.0.0,9.1.2)[23.0.0,23.3.13)[24.0.0,24.0.9)[24.1.0.alpha1,24.1.0)
M Information Exposure Affected versions of this package are vulnerable to Information Exposure when adding non-visible components to the UI in the server side. How to fix Information Exposure? Upgrade `com.vaadin:flow-server` to version 1.0.20, 2.8.10, 9.1.1, 23.3.11, 24.0.8, 24.1.0 or higher.	[1.0.0,1.0.20)[1.1.0,2.8.10)[3.0.0,9.1.1)[23.0.0,23.3.11)[24.0.0,24.0.8)[24.1.0.alpha1,24.1.0)

Debug Messages Revealing Unnecessary Information

Affected versions of this package are vulnerable to Debug Messages Revealing Unnecessary Information in rpc/PublishedServerEventHandlerRpcHandler.java. Class and method names can be included in RPC responses when processing modified requests.

How to fix Debug Messages Revealing Unnecessary Information?

Upgrade com.vaadin:flow-server to version 1.0.21, 2.9.3, 9.1.2, 23.3.13, 24.0.9, 24.1.0 or higher.

[1.0.0,1.0.21)[1.1.0,2.9.3)[3.0.0,9.1.2)[23.0.0,23.3.13)[24.0.0,24.0.9)[24.1.0.alpha1,24.1.0)

Information Exposure

Affected versions of this package are vulnerable to Information Exposure when adding non-visible components to the UI in the server side.

How to fix Information Exposure?

Upgrade com.vaadin:flow-server to version 1.0.20, 2.8.10, 9.1.1, 23.3.11, 24.0.8, 24.1.0 or higher.

[1.0.0,1.0.20)[1.1.0,2.8.10)[3.0.0,9.1.1)[23.0.0,23.3.11)[24.0.0,24.0.8)[24.1.0.alpha1,24.1.0)

Go back to all versions of this package