
4 matches found

Circl
added 2024/01/28 4:03 a.m., 7 views

CVE-2021-31412

creationtimestamp | type | source
---|---|---
2024-01-28 04:03:13+00:00 | seen | https://t.me/arpsyndicate/3195...

CVSS 5.3, AI score 5.4, EPSS 0.01318
Exploits 0, References 1
vulnersOsv
added 2021/10/13 6:56 p.m., 2 views

com.vaadin:flow (>=1.0.0 <=1.0.14), com.vaadin:flow-client (>=1.0.0 <=1.0.14) +30 more potentially affected by CVE-2021-31412 via com.vaadin:flow-server (>=1.0.0 <=1.0.14)

com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =10.0.13, =10.0.18 - com.vaadin:vaadin-board-flow =2.0.1 - com.vaadin:vaadin-button-flow =1.0.0 - com.vaadin:vaadin-charts-flow =6.0.1 - com.vaadin:vaadin-checkbox-flow...

CVSS 5.3, AI score 6, EPSS 0.01318
Exploits 0
GitHub Security Blog
added 2021/06/28 4:55 p.m., 84 views

Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19

Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0....

CVSS 5.3, AI score 2, EPSS 0.01318
Exploits 0, References 5, Affected Software 1
CVE
added 2021/06/24 11:33 a.m., 81 views

CVE-2021-31412

The CVE-2021-31412 entry describes an information-disclosure issue in Vaadin Flow Server’s default RouteNotFoundError view. The vulnerability arises from improper sanitization of the path, enabling a network attacker to enumerate all available routes when the application runs in production mode a...

CVSS 5.3, AI score 5.1, EPSS 0.01318
Exploits 0, References 2, Affected Software 2