Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.vaadin/vaadin-bom@15.0.0

Type maven

Namespace com.vaadin

Name vaadin-bom

Version 15.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 8.13.0

Latest_non_vulnerable_version 20.0.6

Affected_by_vulnerabilities

url VCID-bh45-gu29-nydu

vulnerability_id VCID-bh45-gu29-nydu

summary

Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20
Improper check in `CheckboxGroup` in `com.vaadin:vaadin-checkbox-flow` versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.6.7 (Vaadin 14.5.0 through 14.6.7), and 18.0.0 through 20.0.5 (Vaadin 18.0.0 through 20.0.5) allows attackers to modify the value of a disabled `Checkbox` inside enabled `CheckboxGroup` component via unspecified vectors.

- https://vaadin.com/security/cve-2021-33605

references

reference_url	https://github.com/advisories/GHSA-hw7r-qrhp-5pff
reference_id	GHSA-hw7r-qrhp-5pff
reference_type
scores
url	https://github.com/advisories/GHSA-hw7r-qrhp-5pff

reference_url	https://github.com/vaadin/platform/security/advisories/GHSA-hw7r-qrhp-5pff
reference_id	GHSA-hw7r-qrhp-5pff
reference_type
scores
url	https://github.com/vaadin/platform/security/advisories/GHSA-hw7r-qrhp-5pff

fixed_packages

url	pkg:maven/com.vaadin/vaadin-bom@20.0.6
purl	pkg:maven/com.vaadin/vaadin-bom@20.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@20.0.6

aliases GHSA-hw7r-qrhp-5pff, GMS-2021-68

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bh45-gu29-nydu

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@15.0.0

Package Instance