Security Advisory

CVE-2020-36321

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-23 16:05:40
Last updated 2024-09-17 00:45:59
Assigner Vaadin
State PUBLISHED

Description

Improper URL validation in the development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows an attacker to request arbitrary files stored outside of the intended frontend resources folder.