Kim Leppänen

**Name of the Vulnerable Software and Affected Versions** Vaadin versions 10.0.0 through 10.0.22 Vaadin versions 11.0.0 through 14.10.0 Vaadin versions 15.0.0 through 22.0.28 Vaadin versions 23.0.0 through 23.3.12 Vaadin versions 24.0.0 through 24.0.5 Vaadin versions 24.1.0.alpha1 through 24.1.0.beta1 **Description** When adding non-visible components to the UI in server side, content is sent to the browser, resulting in potential information disclosure. **Recommendations** For Vaadin versions 10.0.0 through 10.0.22, update to a version outside of this range to mitigate the risk. For Vaadin versions 11.0.0 through 14.10.0, update to a version outside of this range to mitigate the risk. For Vaadin versions 15.0.0 through 22.0.28, update to a version outside of this range to mitigate the risk. For Vaadin versions 23.0.0 through 23.3.12, update to a version outside of this range to mitigate the risk. For Vaadin versions 24.0.0 through 24.0.5, update to a version outside of this range to mitigate the risk. For Vaadin versions 24.1.0.alpha1 through 24.1.0.beta1, update to a version outside of this range to mitigate the risk.