Vulnerabilities > Vaadin

DATE CVE VULNERABILITY TITLE RISK
2021-04-23 CVE-2020-36320 Resource Exhaustion vulnerability in Vaadin
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
Risk: network, low complexity; vaadin CWE-400; 7.5

2021-04-23 CVE-2020-36319 Exposure of Resource to Wrong Sphere vulnerability in Vaadin Flow and Vaadin
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g.
Risk: network, low complexity; vaadin CWE-668; 6.5

2021-04-23 CVE-2019-25028 Cross-site Scripting vulnerability in Vaadin
Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attackers to inject malicious JavaScript via an unspecified vector.
Risk: network, low complexity; vaadin CWE-79; 6.1