Описание
Vaadin vulnerable to possible information disclosure of class and method names in RPC response
Description
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
Пакеты
com.vaadin:flow-server
>= 1.0.0, < 1.0.21
1.0.21
com.vaadin:flow-server
>= 1.1.0, < 2.9.3
2.9.3
com.vaadin:flow-server
>= 3.0.0, < 9.1.2
9.1.2
com.vaadin:flow-server
>= 23.0.0, < 23.3.13
23.3.13
com.vaadin:flow-server
>= 24.0.0, < 24.0.9
24.0.9
com.vaadin:flow-server
>= 24.1.alpha1, < 24.1.0
24.1.0
com.vaadin:vaadin
>= 10.0.0, < 10.0.24
10.0.24
com.vaadin:vaadin
>= 11.0.0, < 14.10.2
14.10.2
com.vaadin:vaadin
>= 15.0.0, < 22.1.0
22.1.0
com.vaadin:vaadin
>= 23.0.0, < 23.3.14
23.3.14
com.vaadin:vaadin
>= 24.0.0, < 24.0.7
24.0.7
com.vaadin:vaadin
>= 24.1.0.alpha1, < 24.1.0
24.1.0
Связанные уязвимости
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.