GHSA-j9wr-49vq-rm5g
Suggest an improvement- Source
- https://github.com/advisories/GHSA-j9wr-49vq-rm5g
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-j9wr-49vq-rm5g/GHSA-j9wr-49vq-rm5g.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-j9wr-49vq-rm5g
- Published
- 2021-04-19T14:46:49Z
- Modified
- 2024-12-02T05:48:18.341658Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19
- Details
-
Vulnerability in OSGi integration in
com.vaadin:flow-serverversions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.- https://vaadin.com/security/cve-2021-31407
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-402" ], "github_reviewed_at": "2021-04-16T23:12:45Z", "severity": "HIGH", "github_reviewed": true }- References
Affected packages
Maven / com.vaadin:vaadin-bom
Package
- Name
- com.vaadin:vaadin-bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.vaadin/vaadin-bom
Affected versions
12.*
12.0.0
12.0.1
12.0.2
12.0.3
12.0.4
12.0.5
12.0.6
12.0.7
13.*
13.0.0
13.0.1
13.0.2
13.0.3
13.0.4
13.0.5
13.0.6
13.0.7
13.0.8
13.0.9
13.0.10
13.0.11
13.0.12
13.0.13
14.*
14.0.0
14.0.1
14.0.2
14.0.3
14.0.4
14.0.5
14.0.6
14.0.7
14.0.8
14.0.9
14.0.10
14.0.11
14.0.12
14.0.13
14.0.14
14.0.15
14.1.0
14.1.1
14.1.2
14.1.3
14.1.4
14.1.5
14.1.16
14.1.17
14.1.18
14.1.19
14.1.20
14.1.21
14.1.22
14.1.23
14.1.24
14.1.25
14.1.26
14.1.27
14.1.28
14.2.0
14.2.1
14.2.2
14.2.3
14.3.0
14.3.1
14.3.2
14.3.3
14.3.4
14.3.5
14.3.6
14.3.7
14.3.8
14.3.9
14.4.0
14.4.1
14.4.2
14.4.3
14.4.4
14.4.5
14.4.6
14.4.7
14.4.8
14.4.9
Maven / com.vaadin:vaadin-bom
Package
- Name
- com.vaadin:vaadin-bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.vaadin/vaadin-bom