Vaadin · Vaadin · CVE-2023-25499
**Name of the Vulnerable Software and Affected Versions**
Vaadin versions 10.0.0 through 10.0.22
Vaadin versions 11.0.0 through 14.10.0
Vaadin versions 15.0.0 through 22.0.28
Vaadin versions 23.0.0 through 23.3.12
Vaadin versions 24.0.0 through 24.0.5
Vaadin versions 24.1.0.alpha1 through 24.1.0.beta1
**Description**
When non-visible components are added to the UI on the server side, their content is still sent to the browser, resulting in potential information disclosure.
**Recommendations**
For Vaadin versions 10.0.0 through 10.0.22, update to a version outside of this range to mitigate the risk.
For Vaadin versions 11.0.0 through 14.10.0, update to a version outside of this range to mitigate the risk.
For Vaadin versions 15.0.0 through 22.0.28, update to a version outside of this range to mitigate the risk.
For Vaadin versions 23.0.0 through 23.3.12, update to a version outside of this range to mitigate the risk.
For Vaadin versions 24.0.0 through 24.0.5, update to a version outside of this range to mitigate the risk.
For Vaadin versions 24.1.0.alpha1 through 24.1.0.beta1, update to a version outside of this range to mitigate the risk.