Design/Logic Flaw

2021-04-2316:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

36.1%

JSON

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL

CPENameOperatorVersion
flowge1.0.0
flowlt1.0.11
flowge1.1.0
flowlt1.4.3
vaadinge10.0.0
vaadinlt10.0.14
vaadinge11.0.0
vaadinlt13.0.6

Name	Operator	Version
flow	ge	1.0.0
flow	lt	1.0.11
flow	ge	1.1.0
flow	lt	1.4.3
vaadin	ge	10.0.0
vaadin	lt	10.0.14
vaadin	ge	11.0.0
vaadin	lt	13.0.6

References

github.com/vaadin/flow/pull/5498

vaadin.com/security/cve-2019-25027

0.001 Low

EPSS

Percentile

36.1%

JSON

Related for PRION:CVE-2019-25027