CVE-2020-36321

Path Traversal in maven/com.vaadin/flow-server

Identifier

CVE-2020-36321

Package Slug

maven/com.vaadin/flow-server

Vulnerability

Path Traversal

Description

Improper URL validation in the development mode handler in com.vaadin:flow-server allows an attacker to request arbitrary files stored outside of the intended frontend resources folder.

Affected Versions

All versions starting from 2.0.0 through 2.4.1, all versions starting from 3.0 through 4.0

Solution

Upgrade to version 2.4.2 or higher.

Last Modified

2021-05-07
