WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-31407 Vulnerability in maven package com.vaadin:flow-server

Description

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.

Remediation

References

https://github.com/vaadin/flow/pull/10269

https://vaadin.com/security/cve-2021-31407

https://github.com/vaadin/flow/pull/10229

https://github.com/vaadin/osgi/issues/50

Related Vulnerabilities

CVE-2022-41940 Vulnerability in maven package org.webjars.bower:engine.io

CVE-2021-21277 Vulnerability in npm package angular-expressions

CVE-2014-0035 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security

CVE-2021-33420 Vulnerability in npm package replicator

CVE-2019-0205 Vulnerability in maven package org.webjars.npm:thrift

Severity

High

Classification

CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Third Party Advisory Vendor Advisory