VulnerableCode Package Details - pkg:maven/com.vaadin/flow-server@1.0.6

Search for packages

Vulnerability	Summary	Fixed by
VCID-cd2n-d7w1-mfc6 Aliases: CVE-2019-25027 GHSA-rp4x-wxqv-cf9m	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL	1.0.11 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.4.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-hqrf-7nbq-9bdw Aliases: CVE-2021-31404 GHSA-xwg3-qrcg-w9x6	Information Exposure Through Discrepancy A non-constant-time comparison of CSRF tokens in UIDL request handler in `com.vaadin:flow-server` allows attacker to guess a security token via timing attack.	1.0.14 Affected by 0 other vulnerabilities. 1.4.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.4.7 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 4.0.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.0.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-cd2n-d7w1-mfc6
Aliases:
CVE-2019-25027
GHSA-rp4x-wxqv-cf9m

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL

1.0.11
Affected by 1 other vulnerability.

1.4.3
Affected by 1 other vulnerability.

VCID-hqrf-7nbq-9bdw
Aliases:
CVE-2021-31404
GHSA-xwg3-qrcg-w9x6

Information Exposure Through Discrepancy A non-constant-time comparison of CSRF tokens in UIDL request handler in `com.vaadin:flow-server` allows attacker to guess a security token via timing attack.

1.0.14
Affected by 0 other vulnerabilities.

1.4.1
Affected by 2 other vulnerabilities.

2.4.7
Affected by 1 other vulnerability.

4.0.1
Affected by 1 other vulnerability.

5.0.3
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-pzs6-2td6-vfee	Improper Check for Unusual or Exceptional Conditions Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message.	CVE-2018-25007 GHSA-jmx8-355m-8vwh

Vulnerability

Summary

Aliases

VCID-pzs6-2td6-vfee

Improper Check for Unusual or Exceptional Conditions Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message.

CVE-2018-25007
GHSA-jmx8-355m-8vwh

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:50:04.747261+00:00	GitLab Importer	Affected by	VCID-hqrf-7nbq-9bdw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.vaadin/flow-server/CVE-2021-31404.yml	38.6.0
2026-06-04T20:49:32.279168+00:00	GitLab Importer	Affected by	VCID-cd2n-d7w1-mfc6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.vaadin/flow-server/CVE-2019-25027.yml	38.6.0
2026-06-04T17:26:18.273980+00:00	GithubOSV Importer	Fixing	VCID-pzs6-2td6-vfee	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-jmx8-355m-8vwh/GHSA-jmx8-355m-8vwh.json	38.6.0
2026-06-04T16:21:02.998268+00:00	GitLab Importer	Fixing	VCID-pzs6-2td6-vfee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.vaadin/flow-server/CVE-2018-25007.yml	38.6.0