Vulnerabilities > CVE-2021-33604 - Unspecified vulnerability in Vaadin

047910
CVSS 2.5 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
local
high complexity
vaadin

Summary

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser.

Vulnerable Configurations

Part Description Count
Application
Vaadin
209