com.vaadin:vaadin-server@7.7.23 vulnerabilities
-
latest version
8.24.0
-
latest non vulnerable version
-
first published
12 years ago
-
latest version published
2 months ago
-
licenses detected
- [7.0.0.beta1,8.16.1)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.vaadin:vaadin-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
com.vaadin:vaadin-server is a Java framework for modern Java web applications. Affected versions of this package are vulnerable to Timing Attack. Non-constant-time comparison of CSRF tokens in the UIDL request handler allows an attacker to guess a security token via timing attack. How to fix Timing Attack? Upgrade |
[8.0.0,8.12.3)
[7.0.0,7.7.24)
|