CVE-2021-31412

Source: https://nvd.nist.gov/vuln/detail/CVE-2021-31412
Import Source: https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31412.json
JSON Data: https://api.osv.dev/v1/vulns/CVE-2021-31412
Aliases
Published: 2021-06-24T12:15:08Z
Modified: 2024-09-03T03:49:02.303166Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

Improper sanitization of the path in the default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows a network attacker to enumerate all available routes via a crafted HTTP request when the application is running in production mode and no custom handler for NotFoundException is provided.

References

Affected packages

Git / github.com/vaadin/flow

Affected ranges

- Type: GIT, Repo: https://github.com/vaadin/flow
- Type: GIT, Repo: https://github.com/vaadin/platform
- Type: GIT, Repo: https://github.com/vaadin/vaadin

Affected versions

1.*

1.0.0
1.0.1
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.1.0.alpha1
1.1.0.alpha2
1.1.0.alpha3
1.1.0.beta1
1.1.0.beta2
1.1.0.beta3
1.1.0.beta4
1.2.0
1.2.0.alpha1
1.2.0.beta1
1.2.0.beta2
1.3.0
1.3.0.beta1
1.3.0.beta2
1.4.0

10.*

10.0.0
10.0.1
10.0.10
10.0.11
10.0.12
10.0.13
10.0.14
10.0.15
10.0.16
10.0.17
10.0.18
10.0.2
10.0.3
10.0.4
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9

11.*

11.0.0.alpha1
11.0.0.beta1

12.*

12.0.0.alpha1
12.0.0.alpha2
12.0.0.alpha3
12.0.0.alpha4
12.0.0.alpha5
12.0.0.beta1
12.0.0.beta2

13.*

13.0.0
13.0.0.alpha1
13.0.0.alpha2
13.0.0.alpha3
13.0.0.alpha4
13.0.0.beta1
13.0.0.beta2
13.0.0.beta3

14.*

14.0.0
14.0.1
14.0.2
14.1.0
14.1.0.alpha1
14.1.0.alpha3
14.1.0.beta1
14.1.0.beta2
14.1.1
14.1.2
14.2.0
14.2.0.alpha1
14.2.0.alpha10
14.2.0.alpha11
14.2.0.alpha2
14.2.0.alpha3
14.2.0.alpha4
14.2.0.alpha5
14.2.0.alpha6
14.2.0.alpha7
14.2.0.alpha8
14.2.0.alpha9
14.2.0.beta1
14.2.0.rc1
14.3.0
14.3.0.alpha1
14.3.0.beta1
14.3.0.beta2
14.3.0.beta3
14.3.0.rc1
14.4.0
14.4.0.alpha1
14.4.0.beta1
14.4.0.beta2
14.4.0.rc1
14.5.0.alpha1
14.5.0.alpha2
14.5.0.alpha3
14.5.0.beta1
14.5.0.rc1
14.6.0
14.6.0.alpha1
14.6.0.alpha2
14.6.0.beta1
14.6.0.beta2
14.6.0.rc1
14.6.1

15.*

15.0.0
15.0.0.rc1

16.*

16.0.0.alpha1
16.0.0.alpha2
16.0.0.alpha3
16.0.1

17.*

17.0.0
17.0.0.alpha2
17.0.0.alpha3
17.0.0.alpha4
17.0.0.alpha5
17.0.0.alpha6
17.0.0.alpha7
17.0.0.beta1
17.0.0.beta2
17.0.0.beta3
17.0.0.rc1
17.0.0.rc2

18.*

18.0.0
18.0.0.alpha1
18.0.0.beta1
18.0.0.beta2
18.0.0.beta3
18.0.0.rc1
18.0.0.rc2

19.*

19.0.0
19.0.0.alpha1
19.0.0.alpha2
19.0.0.alpha3
19.0.0.alpha4
19.0.0.alpha5
19.0.0.beta1
19.0.0.beta2
19.0.0.beta3
19.0.0.rc1
19.0.1
19.0.2
19.0.3
19.0.4
19.0.5
19.0.6
19.0.7
19.0.8

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.1.0.alpha1
2.1.0.beta1
2.1.0.beta3
2.2.0
2.2.0.alpha1
2.2.0.alpha10
2.2.0.alpha11
2.2.0.alpha12
2.2.0.alpha13
2.2.0.alpha14
2.2.0.alpha15
2.2.0.alpha16
2.2.0.alpha2
2.2.0.alpha3
2.2.0.alpha4
2.2.0.alpha5
2.2.0.alpha6
2.2.0.alpha7
2.2.0.alpha8
2.2.0.alpha9
2.2.0.beta1
2.2.0.beta2
2.2.0.rc1
2.2.1
2.2.2
2.2.alpha14
2.3.0
2.3.0.alpha1
2.3.0.beta1
2.3.0.beta2
2.3.0.beta3
2.3.1
2.3.2
2.3.3
2.3.4
2.4.0
2.4.0.alpha1
2.4.0.beta1
2.4.0.beta2
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.5.0.alpha1
2.5.0.alpha2
2.6.0
2.6.0.alpha1
2.6.0.beta1
2.6.0.beta2
2.6.0.rc1
2.6.1

3.*

3.0.0.alpha1
3.0.0.alpha11
3.0.0.alpha12
3.0.0.alpha13
3.0.0.alpha14
3.0.0.alpha15
3.0.0.alpha16
3.0.0.alpha17
3.0.0.alpha2
3.0.0.alpha3
3.0.0.alpha4
3.0.0.alpha5
3.0.0.alpha6
3.0.0.alpha7
3.0.0.alpha8
3.0.0.alpha9
3.0.0.beta1
3.0.0.beta2
3.0.0.beta3
3.0.0.beta4
3.2.0.alpha1
3.2.0.alpha2
3.2.0.alpha3
3.2.0.alpha4
3.2.0.alpha5
3.2.0.alpha6
3.2.0.alpha7

4.*

4.0.0.alpha1
4.0.0.alpha2
4.0.0.alpha3
4.0.0.beta1

5.*

5.0.0
5.0.0.alpha1
5.0.0.beta1
5.0.0.rc1

6.*

6.0.0
6.0.0.alpha1
6.0.0.alpha2
6.0.0.alpha3
6.0.0.alpha4
6.0.0.alpha5
6.0.0.beta1
6.0.0.beta2
6.0.0.beta3
6.0.0.beta4
6.0.0.beta5
6.0.0.rc1
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9

v14.*

v14.0.0
v14.0.1
v14.0.2
v14.1.0
v14.1.0-alpha1
v14.1.0-alpha2
v14.1.0-alpha3
v14.1.0-alpha4
v14.1.0-alpha5
v14.1.0-beta1
v14.1.0-beta2
v14.1.0-beta3
v14.1.0-rc1
v14.1.1
v14.1.2
v14.2.0
v14.2.0-alpha1
v14.2.0-alpha10
v14.2.0-alpha11
v14.2.0-alpha2
v14.2.0-alpha3
v14.2.0-alpha4
v14.2.0-alpha5
v14.2.0-alpha6
v14.2.0-alpha7
v14.2.0-alpha8
v14.2.0-alpha9
v14.2.0-beta1
v14.2.0-rc1
v14.3.0
v14.3.0-alpha1
v14.3.0-beta1
v14.3.0-beta2
v14.3.0-beta3
v14.3.0-rc1
v14.4.0
v14.4.0-alpha1
v14.4.0-beta1
v14.4.0-beta2
v14.4.0-rc1
v14.5.0-alpha1
v14.5.0-alpha2
v14.5.0-alpha3
v14.5.0-beta1
v14.5.0-rc1
v14.6.0
v14.6.0-alpha1
v14.6.0-alpha2
v14.6.0-beta1
v14.6.0-beta2
v14.6.0-rc1
v14.6.1

v15.*

v15.0.0
v15.0.0-alpha1
v15.0.0-alpha10
v15.0.0-alpha11
v15.0.0-alpha12
v15.0.0-alpha13
v15.0.0-alpha14
v15.0.0-alpha15
v15.0.0-alpha2
v15.0.0-alpha3
v15.0.0-alpha4
v15.0.0-alpha5
v15.0.0-alpha6
v15.0.0-alpha7
v15.0.0-alpha8
v15.0.0-alpha9
v15.0.0-beta1
v15.0.0-beta2
v15.0.0-beta3
v15.0.0-beta4
v15.0.0-beta5
v15.0.0-rc1

v16.*

v16.0.0-alpha1
v16.0.0-alpha2
v16.0.0-alpha3

v17.*

v17.0.0
v17.0.0-alpha1
v17.0.0-alpha2
v17.0.0-alpha3
v17.0.0-alpha4
v17.0.0-alpha5
v17.0.0-alpha6
v17.0.0-alpha7
v17.0.0-beta1
v17.0.0-beta2
v17.0.0-beta3
v17.0.0-rc1
v17.0.0-rc2

v18.*

v18.0.0
v18.0.0-alpha1
v18.0.0-beta1
v18.0.0-beta2
v18.0.0-beta3
v18.0.0-rc1
v18.0.0-rc2

v19.*

v19.0.0
v19.0.1
v19.0.2
v19.0.3
v19.0.4
v19.0.5
v19.0.6
v19.0.7
v19.0.8