{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "10.0.0" }, { "fixed": "10.0.23" }, { "introduced": "11.0.0" }, { "fixed": "14.10.2" }, { "introduced": "15.0.0" }, { "last_affected": "22.0.28" }, { "introduced": "23.0.0" }, { "fixed": "23.3.14" }, { "introduced": "24.0.0" }, { "fixed": "24.0.7" }, { "introduced": "0" }, { "last_affected": "24.1.0-alpha1" }, { "introduced": "0" }, { "last_affected": "24.1.0-alpha2" }, { "introduced": "0" }, { "last_affected": "24.1.0-alpha3" }, { "introduced": "0" }, { "last_affected": "24.1.0-alpha4" }, { "introduced": "0" }, { "last_affected": "24.1.0-alpha5" }, { "introduced": "0" }, { "last_affected": "24.1.0-alpha6" }, { "introduced": "0" }, { "last_affected": "24.1.0-beta1" }, { "introduced": "0" }, { "last_affected": "24.1.0-beta2" }, { "introduced": "0" }, { "last_affected": "24.1.0-beta3" }, { "introduced": "0" }, { "last_affected": "24.1.0-rc1" }, { "introduced": "0" }, { "last_affected": "24.1.0-rc2" } ] }, "events": [ { "introduced": "7ac406600a3c1a228e15ba253fe844f7e13771a0" }, { "fixed": "7a9403dc6515f4ecd99a169339b43f3d6b096064" }, { "introduced": "75cb16838a5b87c6e1a15b9e453e0d7c90cc1d53" }, { "fixed": "79c074d8207f994b1dd0843c4d4743a108c6ff1d" }, { "introduced": "9efda1b1e0a27769eef9292dd7799d8fea77e633" }, { "last_affected": "5822e673320817e8dc9baf6015f271afe07cef24" }, { "introduced": "e107b1973a390cafc749031e033f37de7b9a4a1f" }, { "fixed": "18de9dedff85abf77a61787f44c359f99e844729" }, { "introduced": "a45cc881358732b3d594b20750f1369a65d7237a" }, { "fixed": "03387857d07c47bb9199909d3cd38ac4f4628b64" }, { "introduced": "0" }, { "last_affected": "b5c441f2178926e003653d466d09d8fb40f7c35f" }, { "introduced": "0" }, { "last_affected": "f88b3ceb3f3626ae082477cfc3dcf889765f802d" }, { "introduced": "0" }, { "last_affected": "f6b560f2bcf42a40027c6fbff40b0cc8a2cdd639" }, { "introduced": "0" }, { "last_affected": "1d42f366aecac52015db2f997d72ffa7d4fca7df" }, { "introduced": "0" }, { "last_affected": "61f9aca5d70c09b4d3b2f9753346938b81b43d62" }, { "introduced": "0" }, { "last_affected": "1b348c9cae89e22c9e82c977f9b35bfa8f5e7b5c" }, { "introduced": "0" }, { "last_affected": "dc2b36aeeb51e7d1c2dcc349d051d9a0a44228cc" }, { "introduced": "0" }, { "last_affected": "aa1e6e108dbb1a1963959a0d05adebc3399b1e21" }, { "introduced": "0" }, { "last_affected": "0f1f6efa5ec4d572a80a248d5b0e2ff720c8d93f" }, { "introduced": "0" }, { "last_affected": "c84c8629a86aff2a916bb0be4df47f906b8114f3" }, { "introduced": "0" }, { "last_affected": "8cae4417c4484ed459c1a1711d0c453fc1047d58" } ], "repo": "https://github.com/vaadin/vaadin", "type": "GIT" } ] } ], "details": "Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.", "id": "CVE-2023-25500", "modified": "2026-03-13T21:56:35.266854987Z", "published": "2023-06-22T13:15:09.737Z", "references": [ { "type": "ADVISORY", "url": "https://vaadin.com/security/cve-2023-25500" }, { "type": "FIX", "url": "https://github.com/vaadin/flow/pull/16935" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "type": "CVSS_V3" } ] }