Denial of service in DataCommunicator class in Vaadin 8
CVE-2021-33609

4.3MEDIUM

Key Information:

Vendor: Vaadin
Status: Vaadin; Vaadin-server
Vendor: CVE Published:; 13 October 2021

What is CVE-2021-33609?

Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Vaadin 8.0.0

Vaadin <= 8.14.0

vaadin-server 8.0.0

References

https://vaadin.com/security/cve-2021-33609

x_refsource_CONFIRM

https://github.com/vaadin/framework/pull/12415

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 13, 2021
Vulnerability Reserved
May 27, 2021

JSON

Vaadin

What is CVE-2021-33609?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.