CVE-2021-31411

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-31411
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31411.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-31411
Aliases
Published
2021-05-05T19:15:08Z
Modified
2024-09-02T22:12:07Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.

References

Affected packages

Git / github.com/vaadin/flow

Affected ranges

Type
GIT
Repo
https://github.com/vaadin/flow
Events
Type
GIT
Repo
https://github.com/vaadin/platform
Events
Type
GIT
Repo
https://github.com/vaadin/vaadin
Events