CVE-2021-33609

Published October 13th, 2021

View on NVD ↗

CVSS v3

4.3

MEDIUM

CVSS v2

MEDIUM

Affected

PROJECT

Description

Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data.

vaadin/framework

Vaadin 6, 7, 8 is a Java framework for modern Java web applications.

GitHub

1.81K