URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Vaadin

Published: 2021-06-24T11:16:27.149618Z

Updated: 2024-09-17T03:13:22.641Z

Reserved: 2021-05-27T00:00:00

Link: CVE-2021-33604

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-24T12:15:08.157

Modified: 2024-11-21T06:09:11.187

Link: CVE-2021-33604

cve-icon Redhat

No data.