CVE-2021-33609: Uncontrolled Resource Consumption

October 13, 2021 (updated May 14, 2024)

Missing check in DataCommunicator class in com.vaadin:vaadin-server allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data.

References

nvd.nist.gov/vuln/detail/CVE-2021-33609
vaadin.com/security/cve-2021-33609

Detect and mitigate CVE-2021-33609 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →