CVE-2020-36319 – Potential sensitive data exposure in applications using Vaadin 15

https://notcve.org/view.php?id=CVE-2020-36319

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestController Una configuración no segura del ObjectMapper predeterminado en com.vaadin:flow-server versiones 3.0.0 hasta 3.0.5 (Vaadin versiones 15.0.0 hasta 15.0.4), pueden exponer datos confidenciales si la aplicación también usa, por ejemplo, @RestController • https://github.com/vaadin/flow/pull/8016 https://github.com/vaadin/flow/pull/8051 https://vaadin.com/security/cve-2020-36319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •