vaadin/framework

vaadin/framework

Releases359

Frequency2 weeks 23 hours

Last Release about 2 months ago

Stars1.81K

Vaadin 6, 7, 8 is a Java framework for modern Java web applications.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-33609 ↗	Oct 13, 2021Wednesday, 13 October 2021, 11:15	4.3 MEDIUM	4 MEDIUM
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data.
CVE-2021-31409 ↗	May 6, 2021Thursday, 6 May 2021, 13:15	7.5 HIGH	5 MEDIUM
Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
CVE-2019-25028 ↗	Apr 23, 2021Friday, 23 April 2021, 16:15	5.4 MEDIUM	4.3 MEDIUM
Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector
CVE-2020-36320 ↗	Apr 23, 2021Friday, 23 April 2021, 16:15	7.5 HIGH	5 MEDIUM
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
CVE-2021-31403 ↗	Apr 23, 2021Friday, 23 April 2021, 16:15	4 MEDIUM	1.9 LOW
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack