CVE-2022-29567

Source
https://cve.org/CVERecord?id=CVE-2022-29567
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29567.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-29567
Aliases
Published
2022-05-24T14:20:19.452Z
Modified
2026-05-13T04:03:15.542742064Z
Severity
  • 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
Possible information disclosure inside TreeGrid component with default data provider
Details

The default configuration of a TreeGrid component uses Object::toString as a key in client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential disclosure of values that should not be available on the client side.

Database specific
{
    "cna_assigner": "Vaadin",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/29xxx/CVE-2022-29567.json",
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/vaadin/flow-components

Affected ranges

Type
GIT
Repo
https://github.com/vaadin/flow-components
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.8.5"
        },
        {
            "last_affected": "14.8.9"
        },
        {
            "last_affected": "22.0.6"
        },
        {
            "last_affected": "22.0.14"
        },
        {
            "last_affected": "23.0.0.beta2"
        },
        {
            "last_affected": "23.0.8"
        },
        {
            "last_affected": "23.1.0.alpha1"
        },
        {
            "last_affected": "23.1.0.alpha4"
        }
    ]
}

Affected versions

14.*
14.4.0
14.5.0.alpha1
14.5.0.alpha2
14.5.0.alpha3
14.5.0.beta1
14.5.0.rc1
14.6.0.alpha1
14.6.0.alpha2
14.6.0.beta1
14.6.0.beta2
14.7.0.alpha1
14.7.0.alpha2
14.7.0.alpha3
14.7.0.beta1
14.7.0.rc1
14.8.0
14.8.0.alpha1
14.8.0.beta1
14.8.1
14.8.2
14.8.3
14.8.4
14.8.5
14.8.6
14.8.7
14.8.8
14.8.9
18.*
18.0.0.alpha1
18.0.0.beta1
18.0.0.beta2
19.*
19.0.0.alpha1
19.0.0.alpha2
19.0.0.alpha3
19.0.0.alpha4
19.0.0.alpha5
19.0.0.beta1
19.0.0.beta2
19.0.0.beta3
20.*
20.0.0.alpha1
20.0.0.alpha2
20.0.0.alpha3
20.0.0.alpha4
20.0.0.alpha5
20.0.0.alpha6
20.0.0.alpha7
20.0.0.alpha8
21.*
21.0.0.alpha1
21.0.0.alpha10
21.0.0.alpha2
21.0.0.alpha3
21.0.0.alpha4
21.0.0.alpha5
21.0.0.alpha6
21.0.0.alpha7
21.0.0.alpha8
21.0.0.alpha9
22.*
22.0.0
22.0.0.alpha1
22.0.0.alpha2
22.0.0.alpha3
22.0.0.alpha4
22.0.0.alpha5
22.0.0.alpha6
22.0.0.alpha7
22.0.0.alpha8
22.0.0.alpha9
22.0.0.beta1
22.0.0.beta2
22.0.0.beta3
22.0.0.rc1
22.0.1
22.0.10
22.0.11
22.0.12
22.0.13
22.0.14
22.0.2
22.0.3
22.0.4
22.0.5
22.0.6
22.0.7
22.0.8
22.0.9
23.*
23.0.0
23.0.0.alpha1
23.0.0.alpha2
23.0.0.alpha3
23.0.0.alpha4
23.0.0.beta1
23.0.0.beta2
23.0.0.beta3
23.0.0.beta4
23.0.0.rc1
23.0.1
23.0.2
23.0.3
23.0.4
23.0.5
23.0.6
23.0.7
23.0.8
23.1.0.alpha1
23.1.0.alpha2
23.1.0.alpha3
23.1.0.alpha4
Other
migration

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29567.json"

Git / github.com/vaadin/vaadin

Affected ranges

Type
GIT
Repo
https://github.com/vaadin/vaadin
Events
Database specific
{
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:vaadin:vaadin:23.0.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:vaadin:vaadin:23.0.0:beta2:*:*:*:*:*:*",
        "cpe:2.3:a:vaadin:vaadin:23.0.0:beta3:*:*:*:*:*:*",
        "cpe:2.3:a:vaadin:vaadin:23.0.0:beta4:*:*:*:*:*:*",
        "cpe:2.3:a:vaadin:vaadin:23.0.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:vaadin:vaadin:23.1.0:alpha1:*:*:*:*:*:*",
        "cpe:2.3:a:vaadin:vaadin:23.1.0:alpha2:*:*:*:*:*:*",
        "cpe:2.3:a:vaadin:vaadin:23.1.0:alpha3:*:*:*:*:*:*",
        "cpe:2.3:a:vaadin:vaadin:23.1.0:alpha4:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "14.8.5"
        },
        {
            "last_affected": "14.8.9"
        },
        {
            "introduced": "22.0.6"
        },
        {
            "last_affected": "22.0.15"
        },
        {
            "introduced": "23.0.1"
        },
        {
            "last_affected": "23.0.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "23.0.0-NA"
        },
        {
            "last_affected": "23.0.0-beta2"
        },
        {
            "last_affected": "23.0.0-beta3"
        },
        {
            "last_affected": "23.0.0-beta4"
        },
        {
            "last_affected": "23.0.0-rc1"
        },
        {
            "last_affected": "23.1.0-alpha1"
        },
        {
            "last_affected": "23.1.0-alpha2"
        },
        {
            "last_affected": "23.1.0-alpha3"
        },
        {
            "last_affected": "23.1.0-alpha4"
        }
    ]
}

Affected versions

v10.*
v10.0.0
v10.0.0-alpha10
v10.0.0-alpha11
v10.0.0-alpha12
v10.0.0-alpha13
v10.0.0-alpha14
v10.0.0-alpha15
v10.0.0-alpha16
v10.0.0-alpha17
v10.0.0-alpha18
v10.0.0-alpha19
v10.0.0-alpha20
v10.0.0-alpha21
v10.0.0-alpha22
v10.0.0-alpha23
v10.0.0-alpha5
v10.0.0-alpha6
v10.0.0-alpha7
v10.0.0-alpha8
v10.0.0-alpha9
v10.0.0-beta1
v10.0.0-beta10
v10.0.0-beta11
v10.0.0-beta2
v10.0.0-beta3
v10.0.0-beta4
v10.0.0-beta5
v10.0.0-beta6
v10.0.0-beta7
v10.0.0-beta8
v10.0.0-beta9
v10.0.0-rc1
v10.0.0-rc2
v10.0.0-rc3
v10.0.0-rc4
v10.0.0-rc5
v10.0.1
v10.0.2
v11.*
v11.0.0-alpha1
v11.0.0-beta1
v12.*
v12.0.0
v12.0.0-alpha1
v12.0.0-alpha2
v12.0.0-alpha3
v12.0.0-alpha4
v12.0.0-alpha5
v12.0.0-beta1
v12.0.0-beta2
v12.0.1
v12.0.2
v13.*
v13.0.0
v13.0.0-alpha1
v13.0.0-alpha2
v13.0.0-alpha3
v13.0.0-alpha4
v13.0.0-beta1
v13.0.0-beta2
v13.0.0-beta3
v13.0.1
v14.*
v14.0.0
v14.0.0-alpha1
v14.0.0-alpha2
v14.0.0-alpha3
v14.0.0-alpha4
v14.0.0-beta1
v14.0.0-beta2
v14.0.0-beta3
v14.0.0-rc1
v14.0.0-rc2
v14.0.0-rc3
v14.0.0-rc4
v14.0.0-rc5
v14.0.0-rc6
v14.0.0-rc7
v14.0.0-rc8
v14.0.0-rc9
v14.0.1
v14.0.2
v14.8.5
v14.8.6
v14.8.7
v14.8.8
v14.8.9
v15.*
v15.0.0-alpha1
v15.0.0-alpha10
v15.0.0-alpha11
v15.0.0-alpha12
v15.0.0-alpha13
v15.0.0-alpha14
v15.0.0-alpha15
v15.0.0-alpha2
v15.0.0-alpha3
v15.0.0-alpha4
v15.0.0-alpha5
v15.0.0-alpha6
v15.0.0-alpha7
v15.0.0-alpha8
v15.0.0-alpha9
v15.0.0-beta1
v15.0.0-beta2
v15.0.0-beta3
v15.0.0-beta4
v15.0.0-beta5
v15.0.0-rc1
v16.*
v16.0.0-alpha1
v16.0.0-alpha2
v16.0.0-alpha3
v17.*
v17.0.0
v17.0.0-alpha1
v17.0.0-alpha2
v17.0.0-alpha3
v17.0.0-alpha4
v17.0.0-alpha5
v17.0.0-alpha6
v17.0.0-alpha7
v17.0.0-beta1
v17.0.0-beta2
v17.0.0-beta3
v17.0.0-rc1
v17.0.0-rc2
v18.*
v18.0.0-alpha1
v18.0.0-beta1
v18.0.0-beta2
v19.*
v19.0.0-alpha1
v19.0.0-alpha2
v19.0.0-alpha3
v19.0.0-alpha4
v19.0.0-alpha5
v19.0.0-beta1
v19.0.0-beta2
v19.0.0-beta3
v2.*
v2.0.0-alpha1
v2.0.0-alpha2
v2.0.0-alpha3
v20.*
v20.0.0-alpha1
v20.0.0-alpha2
v20.0.0-alpha3
v20.0.0-alpha4
v20.0.0-alpha5
v20.0.0-alpha6
v20.0.0-alpha7
v20.0.0-alpha8
v21.*
v21.0.0-alpha0
v21.0.0-alpha1
v21.0.0-alpha10
v21.0.0-alpha2
v21.0.0-alpha3
v21.0.0-alpha4
v21.0.0-alpha5
v21.0.0-alpha6
v21.0.0-alpha7
v21.0.0-alpha8
v21.0.0-alpha9
v22.*
v22.0.0-alpha1
v22.0.0-alpha2
v22.0.0-alpha3
v22.0.0-alpha4
v22.0.0-alpha5
v22.0.0-alpha6
v22.0.0-alpha7
v22.0.0-alpha8
v22.0.0-alpha9
v22.0.0-beta1
v22.0.0-beta2
v22.0.0-beta3
v22.0.10
v22.0.11
v22.0.12
v22.0.13
v22.0.14
v22.0.15
v22.0.6
v22.0.7
v22.0.8
v22.0.9
v23.*
v23.0.0
v23.0.0-alpha1
v23.0.0-alpha2
v23.0.0-alpha3
v23.0.0-alpha4
v23.0.0-beta1
v23.0.0-beta2
v23.0.0-beta3
v23.0.0-beta4
v23.0.0-rc1
v23.0.1
v23.0.2
v23.0.3
v23.0.4
v23.0.5
v23.0.6
v23.0.7
v23.0.8
v23.1.0-alpha1
v23.1.0-alpha2
v23.1.0-alpha3
v23.1.0-alpha4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29567.json"