CVE-2022-29567

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-29567
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29567.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-29567
Aliases
Published
2022-05-24T15:15:08Z
Modified
2024-10-12T09:31:30.492171Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

In its default configuration, the TreeGrid component uses Object::toString as a key in client-server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, potentially disclosing values that should not be available on the client side.

References

Affected packages

Git / github.com/vaadin/platform

Affected ranges

Type
GIT
Repo
https://github.com/vaadin/platform
Events
Type
GIT
Repo
https://github.com/vaadin/vaadin
Events

Affected versions

14.*

14.8.5
14.8.6
14.8.7
14.8.8
14.8.9

22.*

22.0.10
22.0.11
22.0.12
22.0.13
22.0.14
22.0.15
22.0.6
22.0.7
22.0.8
22.0.9

23.*

23.0.1

v14.*

v14.8.5
v14.8.6
v14.8.7
v14.8.8
v14.8.9

v23.*

v23.0.1