Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL
References
Link | Resource |
---|---|
https://github.com/vaadin/flow/pull/5498 | Patch Third Party Advisory |
https://vaadin.com/security/cve-2019-25027 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Vaadin
Published: 2019-05-27T00:00:00
Updated: 2021-04-23T16:05:40
Reserved: 2021-04-13T00:00:00
Link: CVE-2019-25027
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-23T16:15:07.987
Modified: 2021-05-05T18:27:48.853
Link: CVE-2019-25027
JSON object: View
Redhat Information
No data.