CVE-2021-31411

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-31411
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31411.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-31411
Aliases
Published
2021-05-05T19:15:08Z
Modified
2024-05-29T22:12:25Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.

References

Affected packages

Git / github.com/vaadin/flow

Affected ranges

Type
GIT
Repo
https://github.com/vaadin/flow
Events
Type
GIT
Repo
https://github.com/vaadin/platform
Events
Type
GIT
Repo
https://github.com/vaadin/vaadin
Events