com.vaadin:vaadin-server@7.7.17 vulnerabilities
-
latest version
8.24.0
-
latest non vulnerable version
-
first published
12 years ago
-
latest version published
2 months ago
-
licenses detected
- [7.0.0.beta1,8.16.1)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.vaadin:vaadin-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
com.vaadin:vaadin-server is a Java framework for modern Java web applications. Affected versions of this package are vulnerable to Denial of Service (DoS). Unsafe validation RegEx in How to fix Denial of Service (DoS)? Upgrade |
[7.0.0,7.7.22)
|
com.vaadin:vaadin-server is a Java framework for modern Java web applications. Affected versions of this package are vulnerable to Timing Attack. Non-constant-time comparison of CSRF tokens in the UIDL request handler allows an attacker to guess a security token via timing attack. How to fix Timing Attack? Upgrade |
[8.0.0,8.12.3)
[7.0.0,7.7.24)
|
com.vaadin:vaadin-server is a Java framework for modern Java web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Missing variable sanitization in How to fix Cross-site Scripting (XSS)? Upgrade |
[8.0.0,8.8.5)
[7.4.0,7.7.20)
|
com.vaadin:vaadin-server is a Java framework for modern Java web applications. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). EmailValidator catastrophic exponential-time regular expression How to fix Regular Expression Denial of Service (ReDoS)? Upgrade |
[,7.7.22)
|