CVE-2021-31407

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-31407

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31407.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-31407

Aliases

GHSA-25xc-jwfq-39jw

Published

2021-04-23T16:15:08Z

Modified

2025-07-29T09:54:10.183890Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.

References

Affected packages

Git / github.com/vaadin/flow

Affected ranges

Type: GIT
Repo: https://github.com/vaadin/flow
Events: Introduced

9aee02bb461b537242243218e25dcbe200aa2cbe

Fixed

ada7f7be8fa6c938941674de8650ce6921aec60d

Type: GIT
Repo: https://github.com/vaadin/platform
Events: Introduced

07d2173b5a200b7c8e7d12831b3681b22ff76aae

Fixed

81ed2884a0f9c43bf21a72d1da801052e567b78b

Type: GIT
Repo: https://github.com/vaadin/vaadin
Events: Introduced

6cdfffb48905fb0690b4b3d545cd65539a073323

Fixed

6f36424c2e3544ea5fffdad8a6db927f8c109338

Affected versions

1.*

1.2.0

1.3.0.alpha2

1.3.0.alpha3

1.5.0.alpha1

1.5.0.alpha2

1.5.0.alpha3

1.5.0.alpha4

2.*

2.0.0

2.0.0.alpha1

2.0.0.alpha2

2.0.0.alpha3

2.0.0.alpha4

2.0.0.alpha5

2.0.0.beta1

2.0.0.beta2

2.0.0.rc1

2.0.0.rc2

2.0.0.rc3

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.1.0.alpha1

2.1.0.beta1

2.1.0.beta3

2.2.0

2.2.0.alpha1

2.2.0.alpha10

2.2.0.alpha11

2.2.0.alpha12

2.2.0.alpha13

2.2.0.alpha14

2.2.0.alpha15

2.2.0.alpha16

2.2.0.alpha2

2.2.0.alpha3

2.2.0.alpha4

2.2.0.alpha5

2.2.0.alpha6

2.2.0.alpha7

2.2.0.alpha8

2.2.0.alpha9

2.2.0.beta1

2.2.0.beta2

2.2.0.rc1

2.2.1

2.2.2

2.2.alpha14

2.3.0

2.3.0.alpha1

2.3.0.beta1

2.3.0.beta2

2.3.0.beta3

2.3.1

2.3.2

2.3.3

2.3.4

2.4.0

2.4.0.alpha1

2.4.0.beta1

2.4.0.beta2

2.4.1

2.4.2

2.4.3

2.4.4

2.4.5

2.4.6

2.4.7

3.*

3.0.0.alpha5

v12.*

v12.0.0

v12.0.1

v12.0.2

v13.*

v13.0.0

v13.0.0-alpha1

v13.0.0-alpha2

v13.0.0-alpha3

v13.0.0-alpha4

v13.0.0-beta1

v13.0.0-beta2

v13.0.0-beta3

v13.0.1

v14.*

v14.0.0

v14.0.0-alpha1

v14.0.0-alpha2

v14.0.0-alpha3

v14.0.0-alpha4

v14.0.0-beta1

v14.0.0-beta2

v14.0.0-beta3

v14.0.0-rc1

v14.0.0-rc2

v14.0.0-rc3

v14.0.0-rc4

v14.0.0-rc5

v14.0.0-rc6

v14.0.0-rc7

v14.0.0-rc8

v14.0.0-rc9

v14.0.1

v14.0.2

v14.1.0

v14.1.0-alpha1

v14.1.0-alpha2

v14.1.0-alpha3

v14.1.0-alpha4

v14.1.0-alpha5

v14.1.0-beta1

v14.1.0-beta2

v14.1.0-beta3

v14.1.0-rc1

v14.1.1

v14.1.2

v14.2.0

v14.2.0-alpha1

v14.2.0-alpha10

v14.2.0-alpha11

v14.2.0-alpha2

v14.2.0-alpha3

v14.2.0-alpha4

v14.2.0-alpha5

v14.2.0-alpha6

v14.2.0-alpha7

v14.2.0-alpha8

v14.2.0-alpha9

v14.2.0-beta1

v14.2.0-rc1

v14.3.0

v14.3.0-alpha1

v14.3.0-beta1

v14.3.0-beta2

v14.3.0-beta3

v14.3.0-rc1

v14.4.0

v14.4.0-alpha1

v14.4.0-beta1

v14.4.0-beta2

v14.4.0-rc1

v14.4.1

v14.4.2

v14.4.3

v14.4.4

v14.4.5

v14.4.6

v14.4.7

v14.4.8

v14.4.9