
    2 vulnerabilities found for vaadin-grid-flow by Vaadin

    CVE-2022-29567 (GCVE-0-2022-29567)

    Vulnerability from nvd – Published: 2022-05-24 14:20 – Updated: 2024-09-16 18:09
    Title
    Possible information disclosure inside TreeGrid component with default data provider
    Summary
    The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Vaadin vaadin Affected: ≥ 14.8.5 and ≤ 14.8.9 (custom; the record stores each range as two entries, with the other bound "unspecified")
    Affected: ≥ 22.0.6 and ≤ 22.0.14 (custom)
    Affected: ≥ 23.0.0.beta2 and ≤ 23.0.8 (custom)
    Affected: ≥ 23.1.0.alpha1 and ≤ 23.1.0.alpha4 (custom)
    Vaadin vaadin-grid-flow Affected: ≥ 14.8.5 and ≤ 14.8.9 (custom; the record stores each range as two entries, with the other bound "unspecified")
    Affected: ≥ 22.0.6 and ≤ 22.0.14 (custom)
    Affected: ≥ 23.0.0.beta2 and ≤ 23.0.8 (custom)
    Affected: ≥ 23.1.0.alpha1 and ≤ 23.1.0.alpha4 (custom)
    Date Public
    2022-05-24 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:06.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vaadin.com/security/cve-2022-29567"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/vaadin/flow-components/pull/3046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "vaadin",
              "vendor": "Vaadin",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "14.8.5",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "14.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "22.0.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "22.0.14",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "23.0.0.beta2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "23.0.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "23.1.0.alpha1",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "23.1.0.alpha4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "vaadin-grid-flow",
              "vendor": "Vaadin",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "14.8.5",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "14.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "22.0.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "22.0.14",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "23.0.0.beta2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "23.0.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "23.1.0.alpha1",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "23.1.0.alpha4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-24T14:20:19.000Z",
            "orgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
            "shortName": "Vaadin"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vaadin.com/security/cve-2022-29567"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/vaadin/flow-components/pull/3046"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Possible information disclosure inside TreeGrid component with default data provider",
          "workarounds": [
            {
              "lang": "en",
              "value": "User might define either: custom `toString()` or `getId()` in their entity."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vaadin.com",
              "DATE_PUBLIC": "2022-05-24T10:44:00.000Z",
              "ID": "CVE-2022-29567",
              "STATE": "PUBLIC",
              "TITLE": "Possible information disclosure inside TreeGrid component with default data provider"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "vaadin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "14.8.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "14.8.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "22.0.6"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "22.0.14"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "23.0.0.beta2"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "23.0.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "23.1.0.alpha1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "23.1.0.alpha4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "vaadin-grid-flow",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "14.8.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "14.8.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "22.0.6"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "22.0.14"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "23.0.0.beta2"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "23.0.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "23.1.0.alpha1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "23.1.0.alpha4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Vaadin"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://vaadin.com/security/cve-2022-29567",
                  "refsource": "MISC",
                  "url": "https://vaadin.com/security/cve-2022-29567"
                },
                {
                  "name": "https://github.com/vaadin/flow-components/pull/3046",
                  "refsource": "MISC",
                  "url": "https://github.com/vaadin/flow-components/pull/3046"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "User might define either: custom `toString()` or `getId()` in their entity."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
        "assignerShortName": "Vaadin",
        "cveId": "CVE-2022-29567",
        "datePublished": "2022-05-24T14:20:19.452Z",
        "dateReserved": "2022-04-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:09:13.978Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29567 (GCVE-0-2022-29567)

    Vulnerability from cvelistv5 – Published: 2022-05-24 14:20 – Updated: 2024-09-16 18:09
    Title
    Possible information disclosure inside TreeGrid component with default data provider
    Summary
    The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Vaadin vaadin Affected: ≥ 14.8.5 and ≤ 14.8.9 (custom; the record stores each range as two entries, with the other bound "unspecified")
    Affected: ≥ 22.0.6 and ≤ 22.0.14 (custom)
    Affected: ≥ 23.0.0.beta2 and ≤ 23.0.8 (custom)
    Affected: ≥ 23.1.0.alpha1 and ≤ 23.1.0.alpha4 (custom)
    Vaadin vaadin-grid-flow Affected: ≥ 14.8.5 and ≤ 14.8.9 (custom; the record stores each range as two entries, with the other bound "unspecified")
    Affected: ≥ 22.0.6 and ≤ 22.0.14 (custom)
    Affected: ≥ 23.0.0.beta2 and ≤ 23.0.8 (custom)
    Affected: ≥ 23.1.0.alpha1 and ≤ 23.1.0.alpha4 (custom)
    Date Public
    2022-05-24 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:06.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vaadin.com/security/cve-2022-29567"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/vaadin/flow-components/pull/3046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "vaadin",
              "vendor": "Vaadin",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "14.8.5",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "14.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "22.0.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "22.0.14",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "23.0.0.beta2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "23.0.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "23.1.0.alpha1",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "23.1.0.alpha4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "vaadin-grid-flow",
              "vendor": "Vaadin",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "14.8.5",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "14.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "22.0.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "22.0.14",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "23.0.0.beta2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "23.0.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "23.1.0.alpha1",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "23.1.0.alpha4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-24T14:20:19.000Z",
            "orgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
            "shortName": "Vaadin"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vaadin.com/security/cve-2022-29567"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/vaadin/flow-components/pull/3046"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Possible information disclosure inside TreeGrid component with default data provider",
          "workarounds": [
            {
              "lang": "en",
              "value": "User might define either: custom `toString()` or `getId()` in their entity."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vaadin.com",
              "DATE_PUBLIC": "2022-05-24T10:44:00.000Z",
              "ID": "CVE-2022-29567",
              "STATE": "PUBLIC",
              "TITLE": "Possible information disclosure inside TreeGrid component with default data provider"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "vaadin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "14.8.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "14.8.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "22.0.6"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "22.0.14"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "23.0.0.beta2"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "23.0.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "23.1.0.alpha1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "23.1.0.alpha4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "vaadin-grid-flow",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "14.8.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "14.8.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "22.0.6"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "22.0.14"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "23.0.0.beta2"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "23.0.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "23.1.0.alpha1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "23.1.0.alpha4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Vaadin"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://vaadin.com/security/cve-2022-29567",
                  "refsource": "MISC",
                  "url": "https://vaadin.com/security/cve-2022-29567"
                },
                {
                  "name": "https://github.com/vaadin/flow-components/pull/3046",
                  "refsource": "MISC",
                  "url": "https://github.com/vaadin/flow-components/pull/3046"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "User might define either: custom `toString()` or `getId()` in their entity."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
        "assignerShortName": "Vaadin",
        "cveId": "CVE-2022-29567",
        "datePublished": "2022-05-24T14:20:19.452Z",
        "dateReserved": "2022-04-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:09:13.978Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }