Vulnerabilities > Vaadin > Vaadin > 23.0.2

DATE CVE VULNERABILITY TITLE RISK
2023-06-22 CVE-2023-25499 Information Exposure vulnerability in Vaadin
When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.
network
low complexity
vaadin CWE-200
6.5
6.5
2023-06-22 CVE-2023-25500 Information Exposure vulnerability in Vaadin
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
network
low complexity
vaadin CWE-200
4.3
4.3
2022-05-24 CVE-2022-29567 Information Exposure vulnerability in Vaadin
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side.
network
low complexity
vaadin CWE-200
7.5
7.5