CVE-2021-31410

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-31410

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31410.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-31410

Published

2021-04-23T17:15:08.297Z

Modified

2026-03-14T10:55:47.758832Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.

References

https://vaadin.com/security/cve-2021-31410

Affected packages

Git / github.com/vaadin/designer

Affected ranges

Type

GIT

Repo

https://github.com/vaadin/designer

Events

Introduced

1268971d1fa02290ae1d4ffc5988f3624f3e3311

Fixed

ee55ff2aea1020e57382cf1adca4a13fface72ff

Database specific

{
    "versions": [
        {
            "introduced": "4.3.0"
        },
        {
            "fixed": "4.6.4"
        }
    ]
}

Affected versions

4.*

4.3.0.final

4.3.1

4.3.10

4.3.11

4.3.12

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.4.0

4.4.1

4.4.2

4.5.0

4.5.1

4.5.10

4.5.11

4.5.12

4.5.13

4.5.2

4.5.3

4.5.4

4.5.5

4.5.6

4.5.7

4.5.8

4.5.9

4.6.1

4.6.2

4.6.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31410.json"