CVE-2018-25007

Published: 2021-04-23T16:15Z

Last Modified: 2024-11-21T04:03Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt