Debug Messages Revealing Unnecessary Information Affecting com.vaadin:flow-server package, versions [1.0.0,1.0.21) [1.1.0,2.9.3) [3.0.0,9.1.2) [23.0.0,23.3.13) [24.0.0,24.0.9) [24.1.0.alpha1,24.1.0)
Threat Intelligence
EPSS
0.06% (28th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-COMVAADIN-5733732
- published 23 Jun 2023
- disclosed 22 Jun 2023
- credit Unknown
Introduced: 22 Jun 2023
CVE-2023-25500 Open this link in a new tabHow to fix?
Upgrade com.vaadin:flow-server
to version 1.0.21, 2.9.3, 9.1.2, 23.3.13, 24.0.9, 24.1.0 or higher.
Overview
Affected versions of this package are vulnerable to Debug Messages Revealing Unnecessary Information in rpc/PublishedServerEventHandlerRpcHandler.java
. Class and method names can be included in RPC responses when processing modified requests.
CVSS Scores
version 3.1