Home > Vulnerability Database > CVE-2022-29567

Mend.io Vulnerability Database

CVE-2022-29567

Good to know:

Date: May 24, 2022

The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side.

Language: Java

Severity Score

5.7

Related Resources (6)

Url: https://github.com/vaadin/platform

Url: https://github.com/vaadin/platform/security/advisories/GHSA-qfr3-323w-qv27

Url: https://github.com/vaadin/flow-components/pull/3046

Url: https://vaadin.com/security/cve-2022-29567

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-29567

Url: https://www.mend.io/vulnerability-database/CVE-2022-29567

Severity Score

5.7

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version com.vaadin:vaadin-grid-flow:14.8.10:22.0.15:23.0.9:23.1.0.beta1

Learn More

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-29567

Good to know:

Date: May 24, 2022

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?