CVE-2020-36321
maven/com.vaadin/vaadin-server
Path Traversal
Improper URL validation in development mode handler in com.vaadin:flow-server
allows attacker to request arbitrary files stored outside of intended frontend resources folder.
All versions starting from 14.0.0 before 14.4.3, all versions starting from 15.0.0 before 18.0.0
Upgrade to version 14.4.3 or 18.0.0 or above.
2021-05-10
source |