Vulnerability in UIDL Request Handler Allows Property Value Manipulation

Vulnerability in UIDL Request Handler Allows Property Value Manipulation

CVE-2018-25007 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message.

Learn more about our Cis Benchmark Audit For Server Software.