com.vaadin:flow-server@6.0.9 vulnerabilities
-
latest version
24.3.7
-
latest non vulnerable version
-
first published
6 years ago
-
latest version published
17 days ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.vaadin:flow-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Debug Messages Revealing Unnecessary Information in How to fix Debug Messages Revealing Unnecessary Information? Upgrade |
[1.0.0,1.0.21)
[1.1.0,2.9.3)
[3.0.0,9.1.2)
[23.0.0,23.3.13)
[24.0.0,24.0.9)
[24.1.0.alpha1,24.1.0)
|
Affected versions of this package are vulnerable to Information Exposure when adding non-visible components to the UI in the server side. How to fix Information Exposure? Upgrade |
[1.0.0,1.0.20)
[1.1.0,2.8.10)
[3.0.0,9.1.1)
[23.0.0,23.3.11)
[24.0.0,24.0.8)
[24.1.0.alpha1,24.1.0)
|
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). URL encoding error in development mode handler allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. How to fix Cross-site Scripting (XSS)? Upgrade |
[2.0.0,2.6.2)
[3.0.0,6.0.10)
|
Affected versions of this package are vulnerable to Denial of Service (DoS). Improper sanitization of path in default How to fix Denial of Service (DoS)? Upgrade |
[1.0.0,1.0.15)
[1.1.0,2.6.2)
[3.0.0,6.0.10)
|