GHSA-25xc-jwfq-39jw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-25xc-jwfq-39jw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-25xc-jwfq-39jw/GHSA-25xc-jwfq-39jw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-25xc-jwfq-39jw
- Aliases
- Published
- 2021-04-19T14:50:49Z
- Modified
- 2023-11-08T04:05:48.344950Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure
- Details
-
Vulnerability in OSGi integration in
com.vaadin:flow-serverversions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.- https://vaadin.com/security/cve-2021-31407
- Database specific
{ "nvd_published_at": "2021-04-23T16:15:00Z", "github_reviewed_at": "2021-04-16T23:15:42Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-402", "CWE-668" ] }- References
-
- https://github.com/vaadin/flow/security/advisories/GHSA-25xc-jwfq-39jw
- https://nvd.nist.gov/vuln/detail/CVE-2021-31407
- https://github.com/vaadin/osgi/issues/50
- https://github.com/vaadin/flow/pull/10229
- https://github.com/vaadin/flow/pull/10269
- https://github.com/vaadin/flow
- https://vaadin.com/security/cve-2021-31407
Affected packages
Maven / com.vaadin:flow-server
Package
- Name
- com.vaadin:flow-server
- View open source insights on deps.dev
- Purl
- pkg:maven/com.vaadin/flow-server
Affected versions
1.*
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.3.0
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.1.0.beta2
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0.alpha11
2.2.0
2.2.1
2.2.2
2.2.3
2.3.0.beta1
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
Maven / com.vaadin:flow-server
Package
- Name
- com.vaadin:flow-server
- View open source insights on deps.dev
- Purl
- pkg:maven/com.vaadin/flow-server