Pleku

**Name of the Vulnerable Software and Affected Versions** com.vaadin:flow-server versions 2.0.0 through 2.6.1 com.vaadin:flow-server versions 3.0.0 through 6.0.9 **Description** A URL encoding error in the development mode handler allows a local user to execute arbitrary JavaScript code by opening a crafted URL in a browser. This issue affects Vaadin versions 14.0.0 through 14.6.1 and 15.0.0 through 19.0.8. **Recommendations** For com.vaadin:flow-server versions 2.0.0 through 2.6.1, update to a version outside of this range to resolve the issue. For com.vaadin:flow-server versions 3.0.0 through 6.0.9, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling the development mode handler until a patch is available.