com.vaadin:vaadin-bom
Maven · 9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting com.vaadin:vaadin-bom (page 1 of 1)
- CVE-2019-25028 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 8.8.5 | 2021-04-23
vulnerable: 8.0.0 ... 8.8.4 (46 versions)
Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript vi…
- CVE-2020-36320 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 7.7.22 | 2021-04-23
vulnerable: 7.4.0 ... 7.7.9 (54 versions)
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
- CVE-2021-31403 | MEDIUM | CVSS 4.0 | EG 4.0 | ✓ Fixed in 8.12.3 | 2021-04-23
vulnerable: 8.0.0 ... 8.9.4 (66 versions)
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a …
- CVE-2021-31405 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 17.0.11 | 2021-04-23
vulnerable: 15.0.0 ... 17.0.9 (23 versions)
Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolle…
- CVE-2021-31408 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 19.0.4 | 2021-04-23
vulnerable: 18.0.0 ... 19.0.3 (12 versions)
Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protecti…
- CVE-2021-31411 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 19.0.5 | 2021-05-05
vulnerable: 15.0.0 ... 19.0.4 (37 versions)
Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0…
- CVE-2021-31412 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 19.0.9 | 2021-06-24
vulnerable: 15.0.0 ... 19.0.8 (41 versions)
Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 thro…
- CVE-2021-33604 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 19.0.9 | 2021-06-24
vulnerable: 15.0.0 ... 19.0.8 (41 versions)
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code…
- CVE-2021-33611 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 14.4.5 | 2021-11-02
vulnerable: 14.0.0 ... 14.4.4 (54 versions)
Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted…