CVE-2018-25007

Summary

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message.

Affected Software

VendorProductVersion RangeStatus
VaadinVaadin10.0.0 < *affected
Vaadinflow-server1.0.0 < *affected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CVE Program Container

Additional References

References