CVE-2021-31407
- Source
- https://cve.org/CVERecord?id=CVE-2021-31407
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31407.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-31407
- Aliases
- Published
- 2021-04-23T16:15:08.767Z
- Modified
- 2026-04-10T04:32:27.593932Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.
- References
Affected packages
Git / github.com/vaadin/flow
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vaadin/flow
- Events
- Database specific
{ "versions": [ { "introduced": "1.2.0" }, { "fixed": "2.4.8" }, { "introduced": "6.0.0" }, { "fixed": "6.0.2" } ] }
- Type
- GIT
- Repo
- https://github.com/vaadin/vaadin
- Events
-
IntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "12.0.0" }, { "fixed": "14.4.10" }, { "introduced": "0" }, { "last_affected": "19.0.0-NA" } ] }
Affected versions
1.*
1.2.0
1.3.0.alpha2
1.3.0.alpha3
1.5.0.alpha1
1.5.0.alpha2
1.5.0.alpha3
1.5.0.alpha4
2.*
2.0.0
2.0.0.alpha5
2.0.0.beta1
2.0.0.beta2
2.0.0.rc1
2.0.0.rc2
2.0.0.rc3
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.1.0.alpha1
2.1.0.beta1
2.1.0.beta3
2.2.0.alpha1
2.2.0.alpha10
2.2.0.alpha11
2.2.0.alpha12
2.2.0.alpha13
2.2.0.alpha14
2.2.0.alpha15
2.2.0.alpha16
2.2.0.alpha2
2.2.0.alpha3
2.2.0.alpha4
2.2.0.alpha5
2.2.0.alpha6
2.2.0.alpha7
2.2.0.alpha8
2.2.0.alpha9
2.2.0.beta1
2.2.0.beta2
2.2.0.rc1
2.2.alpha14
2.3.0
2.3.0.alpha1
2.3.0.beta1
2.3.0.beta2
2.3.0.beta3
2.3.1
2.3.2
2.3.3
2.3.4
2.4.0
2.4.0.alpha1
2.4.0.beta1
2.4.0.beta2
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
3.*
3.0.0.alpha5
6.*
6.0.0
6.0.0.rc1
6.0.1
v12.*
v12.0.0
v12.0.1
v12.0.2
v13.*
v13.0.0
v13.0.0-alpha1
v13.0.0-alpha2
v13.0.0-alpha3
v13.0.0-alpha4
v13.0.0-beta1
v13.0.0-beta2
v13.0.0-beta3
v13.0.1
v14.*
v14.0.0
v14.0.0-alpha1
v14.0.0-alpha2
v14.0.0-alpha3
v14.0.0-alpha4
v14.0.0-beta1
v14.0.0-beta2
v14.0.0-beta3
v14.0.0-rc1
v14.0.0-rc2
v14.0.0-rc3
v14.0.0-rc4
v14.0.0-rc5
v14.0.0-rc6
v14.0.0-rc7
v14.0.0-rc8
v14.0.0-rc9
v14.0.1
v14.0.2
v14.1.0
v14.1.0-alpha1
v14.1.0-alpha2
v14.1.0-alpha3
v14.1.0-alpha4
v14.1.0-alpha5
v14.1.0-beta1
v14.1.0-beta2
v14.1.0-beta3
v14.1.0-rc1
v14.1.1
v14.1.2
v14.2.0
v14.2.0-alpha1
v14.2.0-alpha10
v14.2.0-alpha11
v14.2.0-alpha2
v14.2.0-alpha3
v14.2.0-alpha4
v14.2.0-alpha5
v14.2.0-alpha6
v14.2.0-alpha7
v14.2.0-alpha8
v14.2.0-alpha9
v14.2.0-beta1
v14.2.0-rc1
v14.3.0
v14.3.0-alpha1
v14.3.0-beta1
v14.3.0-beta2
v14.3.0-beta3
v14.3.0-rc1
v14.4.0
v14.4.0-alpha1
v14.4.0-beta1
v14.4.0-beta2
v14.4.0-rc1
v14.4.1
v14.4.2
v14.4.3
v14.4.4
v14.4.5
v14.4.6
v14.4.7
v14.4.8
v14.4.9
v15.*
v15.0.0-alpha1
v15.0.0-alpha10
v15.0.0-alpha11
v15.0.0-alpha12
v15.0.0-alpha13
v15.0.0-alpha14
v15.0.0-alpha15
v15.0.0-alpha2
v15.0.0-alpha3
v15.0.0-alpha4
v15.0.0-alpha5
v15.0.0-alpha6
v15.0.0-alpha7
v15.0.0-alpha8
v15.0.0-alpha9
v15.0.0-beta1
v15.0.0-beta2
v15.0.0-beta3
v15.0.0-beta4
v15.0.0-beta5
v15.0.0-rc1
v16.*
v16.0.0-alpha1
v16.0.0-alpha2
v16.0.0-alpha3
v17.*
v17.0.0
v17.0.0-alpha1
v17.0.0-alpha2
v17.0.0-alpha3
v17.0.0-alpha4
v17.0.0-alpha5
v17.0.0-alpha6
v17.0.0-alpha7
v17.0.0-beta1
v17.0.0-beta2
v17.0.0-beta3
v17.0.0-rc1
v17.0.0-rc2
v18.*
v18.0.0-alpha1
v18.0.0-beta1
v18.0.0-beta2
v19.*
v19.0.0
v19.0.0-alpha1
v19.0.0-alpha2
v19.0.0-alpha3
v19.0.0-alpha4
v19.0.0-alpha5
v19.0.0-beta1
v19.0.0-beta2
v19.0.0-beta3
v19.0.0-beta4
v19.0.0-rc1