Information Exposure Affecting com.vaadin:flow-server Open this link in a new tab package, versions [3.0.0,3.0.6)
Do your applications use this vulnerable package?
21 Apr 2021
19 Apr 2021
How to fix?
com.vaadin:flow-server to version 3.0.6 or higher.
Affected versions of this package are vulnerable to Information Exposure. Insecure configuration of default
ObjectMapper may expose sensitive data if the application also uses e.g.