GCVE - cpe:2.3:a:vaadin:vaadin-server:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:vaadin:vaadin-server:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Vaadin (`34b94bf1-d464-500e-83b4-751a8d81d66e`)
Product	Vaadin Server (`790f0a42-79d2-54a3-bfa8-448cc8889104`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-33609`	vulnerable	2026-06-03 14:44:43.682796	Denial of service in DataCommunicator class in Vaadin 8 MEDIUM (4.3) Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data. Published: 2021-10-13T10:58:35.736Z Updated: 2024-09-16T21:04:18.638Z Open on db.gcve.eu Reference links https://vaadin.com/security/cve-2021-33609 https://github.com/vaadin/framework/pull/12415	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-31403`	vulnerable	2026-06-03 14:44:33.084293	Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 MEDIUM (4) Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack Published: 2021-04-23T16:05:41.014Z Updated: 2024-09-16T22:08:44.800Z Open on db.gcve.eu Reference links https://vaadin.com/security/cve-2021-31403 https://github.com/vaadin/framework/pull/12190 https://github.com/vaadin/framework/pull/12188	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-36320`	vulnerable	2026-06-03 14:42:33.483812	Regular expression Denial of Service (ReDoS) in EmailValidator class in Vaadin 7 HIGH (7.5) Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. Published: 2021-04-23T16:05:40.779Z Updated: 2024-09-16T16:58:41.413Z Open on db.gcve.eu Reference links https://vaadin.com/security/cve-2020-36320 https://github.com/vaadin/framework/issues/7757 https://github.com/vaadin/framework/pull/12104	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-25028`	vulnerable	2026-06-03 14:40:17.882020	Stored cross-site scripting in Grid component in Vaadin 7 and 8 MEDIUM (5.4) Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector Published: 2021-04-23T16:05:40.548Z Updated: 2024-09-16T20:57:32.611Z Open on db.gcve.eu Reference links https://vaadin.com/security/cve-2019-25028 https://github.com/vaadin/framework/pull/11644 https://github.com/vaadin/framework/pull/11645	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.