Mstahvo

**Name of the Vulnerable Software and Affected Versions** com.vaadin:flow-server versions 1.2.0 through 2.4.7 com.vaadin:flow-server versions 6.0.0 through 6.0.1 **Description** The issue allows an attacker to access application classes and resources on the server via a crafted HTTP request. This is due to a vulnerability in OSGi integration in com.vaadin:flow-server. **Recommendations** For com.vaadin:flow-server versions 1.2.0 through 2.4.7, update to a version outside of this range to resolve the issue. For com.vaadin:flow-server versions 6.0.0 through 6.0.1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to sensitive application classes and resources on the server until a patch is available.