Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| com.vaadin:flow-server(Maven) | 1.2.0 | 2.4.8 | N/A |
| com.vaadin:flow-server(Maven) | 6.0.0 | 6.0.1 | N/A |
CVSS Metrics
