Moderate severity · NVD Advisory · Published Oct 13, 2021 · Updated Sep 16, 2024
Denial of service in DataCommunicator class in Vaadin 8
CVE-2021-33609
Description
A missing check in the DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows an authenticated network attacker to cause heap exhaustion by requesting too many rows of data.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.vaadin:vaadin-server (Maven) | >= 8.0.6, < 8.14.1 | 8.14.1 |
Affected products
- Vaadin/vaadin-server v5 Range: 8.0.0
References
- github.com/advisories/GHSA-qcgx-crrx-38v5 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-33609 (ghsa, ADVISORY)
- github.com/vaadin/framework/pull/12415 (ghsa, x_refsource_CONFIRM, WEB)
- github.com/vaadin/framework/security/advisories/GHSA-qcgx-crrx-38v5 (ghsa, WEB)
- vaadin.com/security/cve-2021-33609 (ghsa, x_refsource_CONFIRM, WEB)