CVE-2020-36321
maven/com.vaadin/flow-server
Path Traversal
Improper URL validation in development mode handler in com.vaadin:flow-server
allows attacker to request arbitrary files stored outside of intended frontend resources folder.
All versions starting from 2.0.0 through 2.4.1, all versions starting from 3.0 through 4.0
Upgrade to version 2.4.2 or higher.
2021-05-07
source |