24.6.0
6 years ago
9 days ago
Known vulnerabilities in the com.vaadin:flow-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Debug Messages Revealing Unnecessary Information in How to fix Debug Messages Revealing Unnecessary Information? Upgrade | [1.0.0,1.0.21)[1.1.0,2.9.3)[3.0.0,9.1.2)[23.0.0,23.3.13)[24.0.0,24.0.9)[24.1.0.alpha1,24.1.0) |
Affected versions of this package are vulnerable to Information Exposure when adding non-visible components to the UI in the server side. How to fix Information Exposure? Upgrade | [1.0.0,1.0.20)[1.1.0,2.8.10)[3.0.0,9.1.1)[23.0.0,23.3.11)[24.0.0,24.0.8)[24.1.0.alpha1,24.1.0) |
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). URL encoding error in development mode handler allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. How to fix Cross-site Scripting (XSS)? Upgrade | [2.0.0,2.6.2)[3.0.0,6.0.10) |
Affected versions of this package are vulnerable to Denial of Service (DoS). Improper sanitization of path in default How to fix Denial of Service (DoS)? Upgrade | [1.0.0,1.0.15)[1.1.0,2.6.2)[3.0.0,6.0.10) |
Affected versions of this package are vulnerable to Insecure Permissions. Insecure temporary directory usage in frontend build functionality allows local users to inject malicious code into frontend resources during application rebuilds. How to fix Insecure Permissions? Upgrade | [3.0.0,6.0.6)[2.0.9,2.5.3) |
Affected versions of this package are vulnerable to Timing Attack. Non-constant-time comparison of CSRF tokens in endpoint request handler allows an attacker to guess a security token for Fusion endpoints via timing attack. How to fix Timing Attack? Upgrade | [3.0.0,5.0.4) |
Affected versions of this package are vulnerable to Directory Traversal. Improper URL validation in development mode handler allows attackers to request arbitrary files stored outside of intended frontend resources folder. How to fix Directory Traversal? Upgrade | [3.0.0,5.0.0)[2.0.0,2.4.2) |
Affected versions of this package are vulnerable to Timing Attack due to using inconstant time comparison for CSRF tokens in the UIDL request handler, allowing attackers to guess a security token. How to fix Timing Attack? Upgrade | [,1.0.14)[1.1.0,2.4.7)[3.0.0,5.0.3) |