VYPR
Moderate severityNVD Advisory· Published May 24, 2022· Updated Sep 16, 2024

Possible information disclosure inside TreeGrid component with default data provider

CVE-2022-29567

Description

The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.vaadin:vaadinMaven
>= 14.8.5, < 14.8.1014.8.10
com.vaadin:vaadinMaven
>= 22.0.6, < 22.0.1522.0.15
com.vaadin:vaadinMaven
>= 23.0.0, < 23.0.923.0.9
com.vaadin:vaadin-grid-flowMaven
>= 14.8.5, < 14.8.1014.8.10
com.vaadin:vaadin-grid-flowMaven
>= 22.0.6, < 22.0.1522.0.15
com.vaadin:vaadin-grid-flowMaven
>= 23.0.0.beta2, < 23.0.923.0.9

Affected products

4

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.