Lucene search
PRIOn knowledge basePRION:CVE-2022-29567HistoryMay 24, 2022 - 3:15 p.m.
Default configuration
2022-05-2415:15:00
PRIOn knowledge base
www.prio-n.com
2
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vaadin | eq | 23.0.0 beta2 | |
| vaadin | eq | 23.0.0 beta3 | |
| vaadin | eq | 23.0.0 beta4 | |
| vaadin | eq | 23.0.0 rc1 | |
| vaadin | ge | 23.0.1 | |
| vaadin | le | 23.0.8 | |
| vaadin | ge | 22.0.6 | |
| vaadin | le | 22.0.15 | |
| vaadin | ge | 14.8.5 | |
| vaadin | le | 14.8.9 |
Related
vaadin
vaadin
cvelist
cvelist
cve
cve
CVE-2022-29567
2022-05-24 15:15:08
osv
osv
Possible information disclosure inside TreeGrid component with default data provider
2022-05-25 22:40:03
CVE-2022-29567
2022-05-24 15:15:08
nvd
nvd
CVE-2022-29567
2022-05-24 15:15:08
github
github
veracode
veracode
Information Disclosure
2022-05-25 07:23:57