PT-2021-20229 · Vaadin · Vaadin-Checkbox-Flow

Published: 2021-08-25 · Updated: 2021-09-02 · CVE-2021-33605

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

com.vaadin:vaadin-checkbox-flow versions 1.2.0 through 2.0.0
com.vaadin:vaadin-checkbox-flow versions 2.0.0 through 3.0.0
com.vaadin:vaadin-checkbox-flow versions 3.0.0 through 4.0.1
com.vaadin:vaadin-checkbox-flow versions 14.5.0 through 14.6.7
com.vaadin:vaadin-checkbox-flow versions 18.0.0 through 20.0.5
Description

An improper check in the CheckboxGroup component allows an attacker to modify the value of a disabled Checkbox inside an enabled CheckboxGroup via unspecified vectors. The server-side state of an item the application considers disabled can therefore be changed by a client request, which is an integrity impact only (CVSS C:N/I:L/A:N).
Recommendations

For com.vaadin:vaadin-checkbox-flow versions 1.2.0 through 2.0.0, update to version 2.0.0 or later.
For com.vaadin:vaadin-checkbox-flow versions 2.0.0 through 3.0.0, update to version 3.0.0 or later.
For com.vaadin:vaadin-checkbox-flow versions 3.0.0 through 4.0.1, update to version 4.0.1 or later.
For com.vaadin:vaadin-checkbox-flow versions 14.5.0 through 14.6.7, update to version 14.6.7 or later.
For com.vaadin:vaadin-checkbox-flow versions 18.0.0 through 20.0.5, update to version 20.0.5 or later.

As a temporary workaround, consider disabling the CheckboxGroup component until a patch is available. Restrict access to the Checkbox component to minimize the risk of exploitation.

Fix

Update to a fixed version as listed under Recommendations.

Weakness Enumeration

CWE: Improper Check for Exceptional Conditions

Related Identifiers

CVE-2021-33605
GHSA-QCC4-3RXF-GF4M

Affected Products

Vaadin-Checkbox-Flow