CVE-2023-25499

Name of the Vulnerable Software and Affected Versions Vaadin versions 10.0.0 through 10.0.22 Vaadin versions 11.0.0 through 14.10.0 Vaadin versions 15.0.0 through 22.0.28 Vaadin versions 23.0.0 through 23.3.12 Vaadin versions 24.0.0 through 24.0.5 Vaadin versions 24.1.0.alpha1 through 24.1.0.beta1

Description When adding non-visible components to the UI in server side, content is sent to the browser, resulting in potential information disclosure.

Recommendations For Vaadin versions 10.0.0 through 10.0.22, update to a version outside of this range to mitigate the risk. For Vaadin versions 11.0.0 through 14.10.0, update to a version outside of this range to mitigate the risk. For Vaadin versions 15.0.0 through 22.0.28, update to a version outside of this range to mitigate the risk. For Vaadin versions 23.0.0 through 23.3.12, update to a version outside of this range to mitigate the risk. For Vaadin versions 24.0.0 through 24.0.5, update to a version outside of this range to mitigate the risk. For Vaadin versions 24.1.0.alpha1 through 24.1.0.beta1, update to a version outside of this range to mitigate the risk.