CVE-2021-31407

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-31407

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31407.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-31407

Aliases

GHSA-25xc-jwfq-39jw

Published

2021-04-23T16:15:08Z

Modified

2024-09-03T03:48:28.065342Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.

References

Affected packages

Git / github.com/vaadin/flow

Affected ranges

Type: GIT
Repo: https://github.com/vaadin/flow
Events: Introduced

9aee02bb461b537242243218e25dcbe200aa2cbe

Fixed

ada7f7be8fa6c938941674de8650ce6921aec60d

Type: GIT
Repo: https://github.com/vaadin/platform
Events: Introduced

07d2173b5a200b7c8e7d12831b3681b22ff76aae

Fixed

81ed2884a0f9c43bf21a72d1da801052e567b78b

Affected versions

1.*

1.2.0

1.3.0.alpha2

1.3.0.alpha3

1.5.0.alpha1

1.5.0.alpha2

1.5.0.alpha3

1.5.0.alpha4

2.*

2.0.0

2.0.0.alpha1

2.0.0.alpha2

2.0.0.alpha3

2.0.0.alpha4

2.0.0.alpha5

2.0.0.beta1

2.0.0.beta2

2.0.0.rc1

2.0.0.rc2

2.0.0.rc3

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.1.0.alpha1

2.1.0.beta1

2.1.0.beta3

2.2.0

2.2.0.alpha1

2.2.0.alpha10

2.2.0.alpha11

2.2.0.alpha12

2.2.0.alpha13

2.2.0.alpha14

2.2.0.alpha15

2.2.0.alpha16

2.2.0.alpha2

2.2.0.alpha3

2.2.0.alpha4

2.2.0.alpha5

2.2.0.alpha6

2.2.0.alpha7

2.2.0.alpha8

2.2.0.alpha9

2.2.0.beta1

2.2.0.beta2

2.2.0.rc1

2.2.1

2.2.2

2.2.alpha14

2.3.0

2.3.0.alpha1

2.3.0.beta1

2.3.0.beta2

2.3.0.beta3

2.3.1

2.3.2

2.3.3

2.3.4

2.4.0

2.4.0.alpha1

2.4.0.beta1

2.4.0.beta2

2.4.1

2.4.2

2.4.3

2.4.4

2.4.5

2.4.6

2.4.7

3.*

3.0.0.alpha5