Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.vaadin/flow-server@9.1.2

Type maven

Namespace com.vaadin

Name flow-server

Version 9.1.2

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 14.14.1

Latest_non_vulnerable_version 25.0.2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-tfwa-kphb-j3b8

vulnerability_id VCID-tfwa-kphb-j3b8

summary

Exposure of Sensitive Information to an Unauthorized Actor
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.

references

reference_url	https://github.com/vaadin/flow/pull/16935
reference_id
reference_type
scores
url	https://github.com/vaadin/flow/pull/16935

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-25500
reference_id	CVE-2023-25500
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-25500

reference_url	https://vaadin.com/security/cve-2023-25500
reference_id	CVE-2023-25500
reference_type
scores
url	https://vaadin.com/security/cve-2023-25500

reference_url	https://github.com/advisories/GHSA-ch48-9r3q-pv7x
reference_id	GHSA-ch48-9r3q-pv7x
reference_type
scores
url	https://github.com/advisories/GHSA-ch48-9r3q-pv7x

reference_url	https://github.com/vaadin/platform/security/advisories/GHSA-ch48-9r3q-pv7x
reference_id	GHSA-ch48-9r3q-pv7x
reference_type
scores
url	https://github.com/vaadin/platform/security/advisories/GHSA-ch48-9r3q-pv7x

fixed_packages

url	pkg:maven/com.vaadin/flow-server@1.0.21
purl	pkg:maven/com.vaadin/flow-server@1.0.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.0.21

url	pkg:maven/com.vaadin/flow-server@2.9.3
purl	pkg:maven/com.vaadin/flow-server@2.9.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.9.3

url	pkg:maven/com.vaadin/flow-server@9.1.2
purl	pkg:maven/com.vaadin/flow-server@9.1.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@9.1.2

url	pkg:maven/com.vaadin/flow-server@23.3.13
purl	pkg:maven/com.vaadin/flow-server@23.3.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@23.3.13

url	pkg:maven/com.vaadin/flow-server@24.0.9
purl	pkg:maven/com.vaadin/flow-server@24.0.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@24.0.9

aliases CVE-2023-25500, GHSA-ch48-9r3q-pv7x

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfwa-kphb-j3b8

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@9.1.2

Package Instance