CVE-2021-33609

Uncontrolled Resource Consumption in maven/com.vaadin/vaadin-server

Identifiers

CVE-2021-33609

Package Slug

maven/com.vaadin/vaadin-server

Vulnerability

Uncontrolled Resource Consumption

Description

A missing check in the DataCommunicator class in com.vaadin:vaadin-server allows an authenticated network attacker to cause heap exhaustion by requesting too many rows of data.

Affected Versions

All versions starting from 8.0.0 and before 8.14.1

Solution

Upgrade to version 8.14.1 or above.

Last Modified

2021-10-20
