Improper Input Validation Affecting com.vaadin:flow-server package, versions [1.0.0,1.0.6)
21 Apr 2021
19 Apr 2021
How to fix?
Upgrade com.vaadin:flow-server to version 1.0.6 or higher.
Affected versions of this package are vulnerable to Improper Input Validation. A missing check in the UIDL request handler allows an attacker to update element property values via a crafted synchronization message.
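To check whether a build resolves an affected version, the following added example (not part of the advisory or of Vaadin's code) scans `mvn dependency:tree` output for com.vaadin:flow-server and tests each version against the range [1.0.0,1.0.6). The sample output is constructed, and version comparison is simplified to dotted numeric versions; anything else is flagged for manual review.

```python
import re
ARTIFACT = "com.vaadin:flow-server"
AFFECTED_RANGE = "[1.0.0,1.0.6)"  # Maven interval notation, from the advisory

def parse_version(text):
    """'1.0.5' -> (1, 0, 5); trailing zeros are dropped so 1.0 == 1.0.0.
    Qualified versions (e.g. '1.0.6.beta1') raise instead of being guessed."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version syntax: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def is_affected(version, spec=AFFECTED_RANGE):
    """True if version lies inside a single Maven interval such as '[a,b)'."""
    m = re.fullmatch(r"([\[(])([^,]*),([^,]*)([\])])", spec.strip())
    if not m:
        raise ValueError(f"unsupported range syntax: {spec!r}")
    v = parse_version(version)
    if m.group(2):  # lower bound present
        lo = parse_version(m.group(2))
        if v < lo or (v == lo and m.group(1) == "("):
            return False
    if m.group(3):  # upper bound present
        hi = parse_version(m.group(3))
        if v > hi or (v == hi and m.group(4) == ")"):
            return False
    return True

def scan_dependency_tree(output):
    """Return [(version, affected)] for each flow-server line; affected is
    None when the version could not be compared and needs manual review."""
    entry = re.compile(re.escape(ARTIFACT) + r":jar:([^:\s]+):\w+")
    found = []
    for line in output.splitlines():
        m = entry.search(line)
        if m:
            try:
                found.append((m.group(1), is_affected(m.group(1))))
            except ValueError:
                found.append((m.group(1), None))
    return found

# Constructed sample of `mvn dependency:tree` output (not from a real project).
SAMPLE_TREE = """\
[INFO] +- com.vaadin:flow-server:jar:1.0.5:compile
[INFO] \\- com.vaadin:flow-client:jar:1.0.5:compile
"""
print(scan_dependency_tree(SAMPLE_TREE))
```

Feed it the real output of `mvn dependency:tree` so that transitive copies of flow-server are checked as well as direct ones.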