CVE-2023-25499
CVSS V2 None
CVSS V3 None
Description
When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.
Overview
- CVE ID
- CVE-2023-25499
- Assigner
- Vaadin
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-06-22T12:47:57.760Z
- Last Modified Date
- 2023-06-22T12:47:57.760Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://vaadin.com/security/CVE-2023-25499 | |
| https://github.com/vaadin/flow/pull/15885 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-25499 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25499 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 17:37:31 | Added to TrackCVE |