PT-2021-20230 · Vaadin · Vaadin-Server

Published: 2021-10-13 · Updated: 2022-10-27 · CVE-2021-33609

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: com.vaadin:vaadin-server versions 8.0.0 through 8.14.0
Description: The issue is caused by a missing check in the DataCommunicator class, allowing an authenticated network attacker to cause heap exhaustion by requesting too many rows of data.
Recommendations: For versions 8.0.0 through 8.14.0, consider disabling the DataCommunicator class or restricting the amount of data that can be requested to prevent heap exhaustion until a patch is available.

Fix

RCE

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2021-33609
GHSA-J23J-Q57M-63V3
GHSA-QCGX-CRRX-38V5

Affected Products

Vaadin-Server