Vaadin · Vaadin · CVE-2022-29567
**Name of the Vulnerable Software and Affected Versions**
Vaadin versions 14.8.5 through 14.8.9
Vaadin versions 22.0.6 through 22.0.14
Vaadin versions 23.0.0.beta2 through 23.0.8
Vaadin versions 23.1.0.alpha1 through 23.1.0.alpha4
**Description**
In its default configuration, the TreeGrid component in Vaadin uses Object::toString as the key in communication between the client side and the server, which can disclose values that should not be available on the client side.
**Recommendations**
For Vaadin versions 14.8.5 through 14.8.9, update the configuration to avoid using Object::toString as a key.
For Vaadin versions 22.0.6 through 22.0.14, update the configuration to avoid using Object::toString as a key.
For Vaadin versions 23.0.0.beta2 through 23.0.8, update the configuration to avoid using Object::toString as a key.
For Vaadin versions 23.1.0.alpha1 through 23.1.0.alpha4, update the configuration to avoid using Object::toString as a key.
As a temporary workaround, consider disabling the TreeGrid component until a proper configuration can be implemented.
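
The following is an added illustration of the issue described above, not Vaadin's code or API. It is plain Java (16+ for records) in which the hypothetical `rowJson` helper stands in for the row payload sent to the browser, and `Employee`, its values and `OpaqueKeys` are constructed for the example. It compares a key taken from Object::toString with an opaque key whose mapping stays on the server.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Function;

public class TreeGridKeyDemo {
    // Constructed sample item: salary is server-only and is never shown as a column.
    // A record's generated toString() includes every field.
    record Employee(String name, String salary) {}

    // Opaque key provider: sequential ids, item-to-id mapping kept on the server.
    static final class OpaqueKeys<T> implements Function<T, String> {
        private final Map<T, String> ids = new HashMap<>();
        private int next = 1;

        @Override
        public String apply(T item) {
            String id = ids.get(item);
            if (id == null) {
                id = String.valueOf(next++);
                ids.put(item, id);
            }
            return id;
        }
    }

    // Hypothetical stand-in for the row payload: the key plus the one visible column.
    static <T> String rowJson(T item, Function<T, String> keyOf, Function<T, String> column) {
        return "{\"key\":\"" + keyOf.apply(item) + "\",\"name\":\"" + column.apply(item) + "\"}";
    }

    // True if a server-only value appears anywhere in the payload.
    static boolean leaks(String payload, String serverOnlyValue) {
        return payload.contains(serverOnlyValue);
    }

    public static void main(String[] args) {
        List<Employee> items = List.of(new Employee("Alice", "91000"), new Employee("Bob", "78500"));
        Function<Employee, String> weak = Object::toString; // key derived from toString()
        Function<Employee, String> opaque = new OpaqueKeys<>();
        for (Employee e : items) {
            String before = rowJson(e, weak, Employee::name);
            String after = rowJson(e, opaque, Employee::name);
            System.out.printf("toString key: %s leaks=%b%n", before, leaks(before, e.salary()));
            System.out.printf("opaque key:   %s leaks=%b%n", after, leaks(after, e.salary()));
        }
    }
}
```

The same `leaks` check can be applied in a review or test to any key function: no value that is meant to stay on the server should be recoverable from the key string.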