com.vaadin:vaadin-server@8.5.1 vulnerabilities
- latest version: 8.24.0
- latest non vulnerable version
- first published: 12 years ago
- latest version published: 2 months ago
- licenses detected: [7.0.0.beta1,8.16.1)
- package manager
Direct Vulnerabilities
Known vulnerabilities in the com.vaadin:vaadin-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
com.vaadin:vaadin-server is a Java framework for modern Java web applications. Affected versions of this package are vulnerable to Denial of Service (DoS) via the<br>How to fix Denial of Service (DoS)? Upgrade | [8.0.0,8.14.1) |
com.vaadin:vaadin-server is a Java framework for modern Java web applications. Affected versions of this package are vulnerable to Timing Attack. Non-constant-time comparison of CSRF tokens in the UIDL request handler allows an attacker to guess a security token via timing attack.<br>How to fix Timing Attack? Upgrade | [8.0.0,8.12.3)<br>[7.0.0,7.7.24) |
com.vaadin:vaadin-server is a Java framework for modern Java web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Missing variable sanitization in<br>How to fix Cross-site Scripting (XSS)? Upgrade | [8.0.0,8.8.5)<br>[7.4.0,7.7.20) |