GMS-2021-71: Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13
Missing output sanitization in the default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13) and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows an attacker to execute malicious JavaScript via a crafted URL.
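To check a build against the ranges above, the following added example (not part of the advisory or of Vaadin's code) scans `mvn dependency:list` output for `com.vaadin:flow-server` and classifies each resolved version. The sample output is constructed, and the function names and verdict labels are assumptions of this example.

```python
import re

# Affected com.vaadin:flow-server ranges, inclusive, as stated in the advisory.
AFFECTED = [((1, 0, 0), (1, 0, 10)), ((1, 1, 0), (1, 4, 2))]

# Matches the exact artifact only, not siblings such as flow-client.
COORD = re.compile(r"com\.vaadin:flow-server:[^\s]+")


def classify(version):
    """Return 'affected', 'outside-range' or 'review' for a flow-server version."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        # Qualified builds (beta, SNAPSHOT, ...) are not named in the advisory,
        # so flag them for a manual check instead of guessing.
        return "review"
    v = tuple(int(x) for x in m.groups())
    hit = any(lo <= v <= hi for lo, hi in AFFECTED)
    return "affected" if hit else "outside-range"


def scan(dependency_list_text):
    """Return [(version, verdict)] for each flow-server entry in the output."""
    results = []
    for coord in COORD.findall(dependency_list_text):
        parts = coord.split(":")
        if len(parts) == 5:      # group:artifact:type:version:scope
            version = parts[3]
        elif len(parts) == 6:    # group:artifact:type:classifier:version:scope
            version = parts[4]
        else:
            continue
        results.append((version, classify(version)))
    return results


# Constructed sample of `mvn dependency:list` output (not from a real project).
SAMPLE = """\
[INFO]    com.vaadin:flow-server:jar:1.0.10:compile
[INFO]    com.vaadin:flow-server:jar:1.0.11:compile
[INFO]    com.vaadin:flow-server:jar:1.4.2:compile -- module flow.server (auto)
[INFO]    com.vaadin:flow-server:jar:1.1.0.beta1:compile
[INFO]    com.vaadin:flow-client:jar:1.0.10:compile
"""

if __name__ == "__main__":
    for version, verdict in scan(SAMPLE):
        print(f"flow-server {version}: {verdict}")
```
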
Detect and mitigate GMS-2021-71 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.