CVE-2020-36321

Path Traversal in maven/com.vaadin/vaadin-server

Identifiers

CVE-2020-36321

Package Slug

maven/com.vaadin/vaadin-server

Vulnerability

Path Traversal

Description

Improper URL validation in the development mode handler in com.vaadin:flow-server allows an attacker to request arbitrary files stored outside of the intended frontend resources folder.

Affected Versions

All versions starting from 14.0.0 before 14.4.3, all versions starting from 15.0.0 before 18.0.0

Solution

Upgrade to version 14.4.3 or 18.0.0 or above.

Last Modified

2021-05-10
