Heap Exhaustion Vulnerability in DataCommunicator Class in Vaadin Server 8.0.0 - 8.14.0

CVE-2021-33609 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

A missing check in the DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows an authenticated network attacker to cause heap exhaustion by requesting too many rows of data.
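
The class of defect described above, shown as an added example that is not Vaadin's code or its actual fix: a server-side handler that trusts a client-supplied row count, next to a version that validates and clamps the range. The names RowRequestHandler, fetchUnchecked, fetchChecked and MAX_ROWS_PER_REQUEST, and the cap of 500, are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.BiFunction;

/** Illustrative only: hypothetical names, not Vaadin API. */
public class RowRequestHandler {
    // Assumed policy value: the largest page the UI legitimately needs.
    static final int MAX_ROWS_PER_REQUEST = 500;

    private final BiFunction<Integer, Integer, List<String>> backend; // (offset, limit) -> rows
    private final int totalRows;

    RowRequestHandler(BiFunction<Integer, Integer, List<String>> backend, int totalRows) {
        this.backend = backend;
        this.totalRows = totalRows;
    }

    /** Before: the client-supplied length goes straight to the backend,
     *  so a single request can materialise every row on the heap. */
    List<String> fetchUnchecked(int firstRow, int numberOfRows) {
        return backend.apply(firstRow, numberOfRows);
    }

    /** After: reject malformed ranges, then clamp to the data size and the cap. */
    List<String> fetchChecked(int firstRow, int numberOfRows) {
        if (firstRow < 0 || numberOfRows < 0) {
            throw new IllegalArgumentException("negative row range");
        }
        if (firstRow >= totalRows) {
            return List.of(); // nothing to send past the end of the data
        }
        int limit = Math.min(numberOfRows, MAX_ROWS_PER_REQUEST);
        limit = Math.min(limit, totalRows - firstRow);
        return backend.apply(firstRow, limit);
    }

    public static void main(String[] args) {
        final int total = 1_000_000; // constructed data set size
        RowRequestHandler handler = new RowRequestHandler((offset, limit) -> {
            List<String> rows = new ArrayList<>(limit);
            for (int i = 0; i < limit && offset + i < total; i++) {
                rows.add("row-" + (offset + i));
            }
            return rows;
        }, total);
        // An oversized request is served as one capped page instead of the full set.
        System.out.println(handler.fetchChecked(0, Integer.MAX_VALUE).size());
        // A request that runs past the end is trimmed to the rows that exist.
        System.out.println(handler.fetchChecked(999_900, 10_000).size());
    }
}
```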
