CVE-2021-31412
- Source
- https://cve.org/CVERecord?id=CVE-2021-31412
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31412.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-31412
- Aliases
- Published
- 2021-06-24T12:15:08.090Z
- Modified
- 2026-04-10T04:32:28.174616Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for NotFoundException is provided.
- References
Affected packages
Git / github.com/vaadin/flow
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vaadin/flow
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "1.0.0" }, { "last_affected": "1.0.14" }, { "introduced": "1.1.0" }, { "last_affected": "1.4.0" }, { "introduced": "2.0.0" }, { "last_affected": "2.6.1" }, { "introduced": "3.0.0" }, { "last_affected": "5.0.0" }, { "introduced": "6.0.0" }, { "last_affected": "6.0.9" } ] }
- Type
- GIT
- Repo
- https://github.com/vaadin/vaadin
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "10.0.0" }, { "last_affected": "10.0.18" }, { "introduced": "11.0.0" }, { "last_affected": "13.0.0" }, { "introduced": "14.0.0" }, { "last_affected": "14.6.1" }, { "introduced": "15.0.0" }, { "last_affected": "18.0.0" }, { "introduced": "19.0.0" }, { "last_affected": "19.0.8" } ] }
Affected versions
1.*
1.0.0
1.0.1
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.2.0
1.2.0.alpha1
1.2.0.beta1
1.2.0.beta2
1.3.0
1.3.0.beta1
1.3.0.beta2
1.4.0
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.1.0.alpha1
2.1.0.beta1
2.1.0.beta3
2.2.0.alpha1
2.2.0.alpha10
2.2.0.alpha11
2.2.0.alpha12
2.2.0.alpha13
2.2.0.alpha14
2.2.0.alpha15
2.2.0.alpha16
2.2.0.alpha2
2.2.0.alpha3
2.2.0.alpha4
2.2.0.alpha5
2.2.0.alpha6
2.2.0.alpha7
2.2.0.alpha8
2.2.0.alpha9
2.2.0.beta1
2.2.0.beta2
2.2.0.rc1
2.2.alpha14
2.3.0
2.3.0.alpha1
2.3.0.beta1
2.3.0.beta2
2.3.0.beta3
2.3.1
2.3.2
2.3.3
2.3.4
2.4.0
2.4.0.alpha1
2.4.0.beta1
2.4.0.beta2
2.5.0.alpha1
2.5.0.alpha2
2.6.0
2.6.0.alpha1
2.6.0.beta1
2.6.0.beta2
2.6.0.rc1
2.6.1
3.*
3.0.0.alpha17
3.0.0.alpha5
3.0.0.beta1
3.0.0.beta2
3.0.0.beta3
3.0.0.beta4
3.2.0.alpha1
3.2.0.alpha2
3.2.0.alpha3
3.2.0.alpha4
3.2.0.alpha5
3.2.0.alpha6
3.2.0.alpha7
4.*
4.0.0.alpha1
4.0.0.alpha2
4.0.0.alpha3
4.0.0.beta1
5.*
5.0.0
5.0.0.alpha1
5.0.0.beta1
5.0.0.rc1
6.*
6.0.0
6.0.0.rc1
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
v10.*
v10.0.0
v10.0.1
v10.0.10
v10.0.11
v10.0.12
v10.0.13
v10.0.14
v10.0.15
v10.0.16
v10.0.17
v10.0.18
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v10.0.6
v10.0.7
v10.0.8
v10.0.9
v11.*
v11.0.0-alpha1
v11.0.0-beta1
v12.*
v12.0.0
v12.0.0-alpha1
v12.0.0-alpha2
v12.0.0-alpha3
v12.0.0-alpha4
v12.0.0-alpha5
v12.0.0-beta1
v12.0.0-beta2
v12.0.1
v12.0.2
v13.*
v13.0.0
v13.0.0-alpha1
v13.0.0-alpha2
v13.0.0-alpha3
v13.0.0-alpha4
v13.0.0-beta1
v13.0.0-beta2
v13.0.0-beta3
v14.*
v14.0.0
v14.0.1
v14.0.2
v14.1.0
v14.1.0-alpha1
v14.1.0-alpha2
v14.1.0-alpha3
v14.1.0-alpha4
v14.1.0-alpha5
v14.1.0-beta1
v14.1.0-beta2
v14.1.0-beta3
v14.1.0-rc1
v14.1.1
v14.1.2
v14.2.0
v14.2.0-alpha1
v14.2.0-alpha10
v14.2.0-alpha11
v14.2.0-alpha2
v14.2.0-alpha3
v14.2.0-alpha4
v14.2.0-alpha5
v14.2.0-alpha6
v14.2.0-alpha7
v14.2.0-alpha8
v14.2.0-alpha9
v14.2.0-beta1
v14.2.0-rc1
v14.3.0
v14.3.0-alpha1
v14.3.0-beta1
v14.3.0-beta2
v14.3.0-beta3
v14.3.0-rc1
v14.4.0
v14.4.0-alpha1
v14.4.0-beta1
v14.4.0-beta2
v14.4.0-rc1
v14.5.0-alpha1
v14.5.0-alpha2
v14.5.0-alpha3
v14.5.0-beta1
v14.5.0-rc1
v14.6.0
v14.6.0-alpha1
v14.6.0-alpha2
v14.6.0-beta1
v14.6.0-beta2
v14.6.0-rc1
v14.6.1
v15.*
v15.0.0-alpha1
v15.0.0-alpha10
v15.0.0-alpha11
v15.0.0-alpha12
v15.0.0-alpha13
v15.0.0-alpha14
v15.0.0-alpha15
v15.0.0-alpha2
v15.0.0-alpha3
v15.0.0-alpha4
v15.0.0-alpha5
v15.0.0-alpha6
v15.0.0-alpha7
v15.0.0-alpha8
v15.0.0-alpha9
v15.0.0-beta1
v15.0.0-beta2
v15.0.0-beta3
v15.0.0-beta4
v15.0.0-beta5
v15.0.0-rc1
v16.*
v16.0.0-alpha1
v16.0.0-alpha2
v16.0.0-alpha3
v17.*
v17.0.0
v17.0.0-alpha1
v17.0.0-alpha2
v17.0.0-alpha3
v17.0.0-alpha4
v17.0.0-alpha5
v17.0.0-alpha6
v17.0.0-alpha7
v17.0.0-beta1
v17.0.0-beta2
v17.0.0-beta3
v17.0.0-rc1
v17.0.0-rc2
v18.*
v18.0.0
v18.0.0-alpha1
v18.0.0-beta1
v18.0.0-beta2
v18.0.0-beta3
v18.0.0-rc1
v18.0.0-rc2
v19.*
v19.0.0
v19.0.1
v19.0.2
v19.0.3
v19.0.4
v19.0.5
v19.0.6
v19.0.7
v19.0.8