Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.vaadin/vaadin-upload-flow@2.3.1

Type maven

Namespace com.vaadin

Name vaadin-upload-flow

Version 2.3.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 14.13.1

Latest_non_vulnerable_version 24.7.7

Affected_by_vulnerabilities

url VCID-9ruj-u6nm-skec

vulnerability_id VCID-9ruj-u6nm-skec

summary

Vaadin Flow Components possible file bypass via upload validation on the server-side
When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the upgrade to a more recent Vaadin version.

references

reference_url

https://github.com/vaadin/flow-components

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vaadin/flow-components

reference_url

https://github.com/vaadin/flow-components/commit/bfe9e507cdcc5d90a2312c8f0162f798a29ba635

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vaadin/flow-components/commit/bfe9e507cdcc5d90a2312c8f0162f798a29ba635

reference_url

https://github.com/vaadin/flow-components/pull/7616

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vaadin/flow-components/pull/7616

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-9467

reference_id

CVE-2025-9467

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-9467

reference_url

https://vaadin.com/security/cve-2025-9467

reference_id

CVE-2025-9467

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://vaadin.com/security/cve-2025-9467

reference_url	https://github.com/advisories/GHSA-94g8-xv23-7656
reference_id	GHSA-94g8-xv23-7656
reference_type
scores
url	https://github.com/advisories/GHSA-94g8-xv23-7656

reference_url

https://github.com/vaadin/flow-components/security/advisories/GHSA-94g8-xv23-7656

reference_id

GHSA-94g8-xv23-7656

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vaadin/flow-components/security/advisories/GHSA-94g8-xv23-7656

fixed_packages

url	pkg:maven/com.vaadin/vaadin-upload-flow@14.13.1
purl	pkg:maven/com.vaadin/vaadin-upload-flow@14.13.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-upload-flow@14.13.1

url	pkg:maven/com.vaadin/vaadin-upload-flow@23.6.2
purl	pkg:maven/com.vaadin/vaadin-upload-flow@23.6.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-upload-flow@23.6.2

url	pkg:maven/com.vaadin/vaadin-upload-flow@24.7.7
purl	pkg:maven/com.vaadin/vaadin-upload-flow@24.7.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-upload-flow@24.7.7

aliases GHSA-94g8-xv23-7656

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ruj-u6nm-skec

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-upload-flow@2.3.1

Package Instance