Homepage

com.vaadin:vaadin@6.2.3 vulnerabilities

  • latest version

    24.7.2

  • latest non vulnerable version

    24.7.2

  • first published

    15 years ago

  • latest version published

    14 days ago

  • licenses detected

  • package registry

    View on Maven Central Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the com.vaadin:vaadin package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Regular Expression Denial of Service (ReDoS)

    com.vaadin:vaadin is a Java framework for modern Java web applications.

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). EmailValidator catastrophic exponential-time regular expression

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade com.vaadin:vaadin to version 8.0 or higher.

    [0,8.0)
    • M
    Cross-site Scripting (XSS)

    com.vaadin:vaadin is a Java framework for modern Java web applications.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the index page.

    How to fix Cross-site Scripting (XSS)?

    Upgrade com.vaadin:vaadin to version 6.4.9 or higher.

    [,6.4.9)
    Go back to all versions of this package