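A missing check in the UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows an attacker to update element property values via a crafted synchronization message. The signature entries below all cite the same upstream commit, and most of them target test sources (PolymerTemplateTest.java) rather than code under src/main, so a match on a test-file signature alone is weak evidence about a deployed flow-server artifact; check the installed version against the ranges stated here first.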
[
{
"signature_type": "Function",
"id": "CVE-2018-25007-0faafb9d",
"signature_version": "v1",
"digest": {
"length": 1113.0,
"function_hash": "309254529317160109978744765093909497398"
},
"deprecated": false,
"target": {
"file": "flow-server/src/test/java/com/vaadin/flow/component/polymertemplate/PolymerTemplateTest.java",
"function": "parseCachedTemplate_twoTemplatesWithInjetions_injectionsAreRegisteredInFeature"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Function",
"id": "CVE-2018-25007-24c3e45b",
"signature_version": "v1",
"digest": {
"length": 164.0,
"function_hash": "230294542000640822027397291340549293878"
},
"deprecated": false,
"target": {
"file": "flow-server/src/test/java/com/vaadin/flow/component/polymertemplate/PolymerTemplateTest.java",
"function": "IdElementTemplate"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Function",
"id": "CVE-2018-25007-45c86149",
"signature_version": "v1",
"digest": {
"length": 270.0,
"function_hash": "303032286365044452429978902939442486945"
},
"deprecated": false,
"target": {
"file": "flow-server/src/test/java/com/vaadin/flow/component/polymertemplate/PolymerTemplateTest.java",
"function": "TemplateWithChildInDomRepeat"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Function",
"id": "CVE-2018-25007-4c5b875d",
"signature_version": "v1",
"digest": {
"length": 162.0,
"function_hash": "328149685000126517100438396288577367696"
},
"deprecated": false,
"target": {
"file": "flow-server/src/test/java/com/vaadin/flow/component/polymertemplate/PolymerTemplateTest.java",
"function": "TemplateInTemplate"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Function",
"id": "CVE-2018-25007-541fc1f2",
"signature_version": "v1",
"digest": {
"length": 241.0,
"function_hash": "295074943548128195237303468521814680835"
},
"deprecated": false,
"target": {
"file": "flow-server/src/main/java/com/vaadin/flow/component/polymertemplate/TemplateDataAnalyzer.java",
"function": "head"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Function",
"id": "CVE-2018-25007-6004c4d7",
"signature_version": "v1",
"digest": {
"length": 352.0,
"function_hash": "250768283966778343512729266481122691459"
},
"deprecated": false,
"target": {
"file": "flow-server/src/test/java/com/vaadin/flow/component/polymertemplate/PolymerTemplateTest.java",
"function": "BundledTemplateInTemplate"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Function",
"id": "CVE-2018-25007-6637e952",
"signature_version": "v1",
"digest": {
"length": 499.0,
"function_hash": "89011873543828274818332082117494356960"
},
"deprecated": false,
"target": {
"file": "flow-server/src/test/java/com/vaadin/flow/component/polymertemplate/PolymerTemplateTest.java",
"function": "getTemplateContent"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Function",
"id": "CVE-2018-25007-79d4b19b",
"signature_version": "v1",
"digest": {
"length": 848.0,
"function_hash": "16269345403540832709411605441695316497"
},
"deprecated": false,
"target": {
"file": "flow-server/src/test/java/com/vaadin/flow/component/polymertemplate/PolymerTemplateTest.java",
"function": "setUp"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Function",
"id": "CVE-2018-25007-7c3284d7",
"signature_version": "v1",
"digest": {
"length": 173.0,
"function_hash": "199744405677960256179826052955650292843"
},
"deprecated": false,
"target": {
"file": "flow-server/src/test/java/com/vaadin/flow/component/polymertemplate/PolymerTemplateTest.java",
"function": "ExecutionOrder"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Function",
"id": "CVE-2018-25007-8d132544",
"signature_version": "v1",
"digest": {
"length": 466.0,
"function_hash": "257421466117554992974656102548395812946"
},
"deprecated": false,
"target": {
"file": "flow-server/src/main/java/com/vaadin/flow/component/polymertemplate/TemplateDataAnalyzer.java",
"function": "inspectTwoWayBindings"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Line",
"id": "CVE-2018-25007-91830438",
"signature_version": "v1",
"digest": {
"line_hashes": [
"298089347245261224740321253065826994335",
"186198978410790920875122811898054089898",
"21952615406179746750700951766337702907",
"184486080046520611114001651704324598814",
"244827579485265019966665695788011310993",
"262362589193713960370827979970852997279",
"219129510406669791578366380803894900782",
"17009800162955092351500294231755934988",
"339681126760081074007602882829601304610",
"191858904403095657800138958235945067661",
"324820405712025126414835629118243472367",
"68884367277563326111857801634052709552",
"186460068313709534824046521401818841451",
"224301604506202064207533652946541944069",
"323140523891755966178811713540556546928",
"21335763863424313735672488488786953988",
"274495571705479901970113965594344028979",
"46829916983729473357487696993283977926",
"262315594651116045872693402276294116723",
"334955913145157393518414195737190934542",
"255886316437089161526042370899634071376",
"80985418369200448503530664277698262275",
"186771752503785958202804018800655770171",
"252355614304530826544761355520138086442",
"177570870422282704870820178216392389498",
"124738485358123016996453907451243047966",
"141877087956878417293897410148063506854",
"107849598228090087725094348395629887521",
"214356700405373514476260243026173658265",
"153574326465535324135986036784884320442",
"104669160841206478282716478650240969650",
"284186165711424604193826842417480219814",
"312109643813576908444668198256173572090",
"94553712842747168819264900688897002133",
"133223188575194580509696404538824681097",
"157915399923818059467296207961075277910",
"28776501075093293301487737149927280969",
"107835296728670780524422153719704141421",
"332578251405851967099409150518098531252",
"339441823757630311406086261711251574824",
"24163721874551906643713717539491448858",
"254459886200515902163842957408287786110",
"234296845856971958240321677308897511839",
"12567707883259977806529051458661903045",
"124596177139765322559760365981802261750",
"15259414305192077191597728735315372838",
"259836864135558194918870963056570008184",
"83895110301187301603446876096445052833",
"83925204316969867372045933144705834411"
],
"threshold": 0.9
},
"deprecated": false,
"target": {
"file": "flow-server/src/test/java/com/vaadin/flow/component/polymertemplate/PolymerTemplateTest.java"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Function",
"id": "CVE-2018-25007-918c48df",
"signature_version": "v1",
"digest": {
"length": 80.0,
"function_hash": "271338877315283448777396590351639960648"
},
"deprecated": false,
"target": {
"file": "flow-server/src/test/java/com/vaadin/flow/component/polymertemplate/PolymerTemplateTest.java",
"function": "SimpleTemplateParser"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Function",
"id": "CVE-2018-25007-9de4eb1d",
"signature_version": "v1",
"digest": {
"length": 243.0,
"function_hash": "207264139625159891860614014323262031142"
},
"deprecated": false,
"target": {
"file": "flow-server/src/test/java/com/vaadin/flow/component/polymertemplate/PolymerTemplateTest.java",
"function": "parseTemplate_hasChildTemplateAndTemplateHtmlStyle_elementIsCreatedAndSetAsVirtualChild"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Line",
"id": "CVE-2018-25007-b44eeb1a",
"signature_version": "v1",
"digest": {
"line_hashes": [
"70875497824335303735318466291242066116",
"52270939211813367629320861361633674099",
"290355618636866370850816011946237234580",
"85284835111303739450198565533371430750"
],
"threshold": 0.9
},
"deprecated": false,
"target": {
"file": "flow-server/src/main/java/com/vaadin/flow/component/polymertemplate/DefaultTemplateParser.java"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Line",
"id": "CVE-2018-25007-cce4edf6",
"signature_version": "v1",
"digest": {
"line_hashes": [
"33718312277920235412275887533042091215",
"208922664964465314531575950054812174951",
"260438801600315093504825818126627644142",
"38004184092546674449619745992114374545"
],
"threshold": 0.9
},
"deprecated": false,
"target": {
"file": "flow-server/src/main/java/com/vaadin/flow/component/polymertemplate/TemplateDataAnalyzer.java"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
},
{
"signature_type": "Function",
"id": "CVE-2018-25007-ff179963",
"signature_version": "v1",
"digest": {
"length": 235.0,
"function_hash": "14811737297873402565908535305403628658"
},
"deprecated": false,
"target": {
"file": "flow-server/src/main/java/com/vaadin/flow/component/polymertemplate/DefaultTemplateParser.java",
"function": "removeCommentsRecursively"
},
"source": "https://github.com/vaadin/flow/commit/894baa477588a9d1f09bb0e0442ce84f37263464"
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-25007.json"