5 matches found
CVE-2021-31404
The CVE-2021-31404 issue affects com.vaadin:flow-server (Vaadin) where the UIDL request handler uses a non-constant-time comparison for CSRF tokens. This timing discrepancy enables an attacker to guess the security token. Affected versions span Vaadin Flow Server 1.0.0–1.0.13 (Vaadin 10.0.0–10.0....
com.beirtipol:jfixtools-reporting (=1.0-BETA), com.beirtipol:jfixtools-ui-vaadin (=1.0-BETA) +107 more potentially affected by CVE-2021-31404 via com.vaadin:flow-server (>=3.0.0 <=5.0.2)
com.vaadin:flow-server MAVEN version =3.0.0, =1.1.6, =15.0.0, =15.0.0, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.0.0, =5.0.2 and more Source cves: CVE-2021-31404 Source advisory: OSV:GHSA-XWG3-QRCG-W9X6...
com.vaadin:flow (>=1.0.0 <=1.0.13), com.vaadin:flow-client (>=1.0.0 <=1.0.13) +30 more potentially affected by CVE-2021-31404 via com.vaadin:flow-server (>=1.0.0 <=1.0.13)
com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =10.0.13, =10.0.17 - com.vaadin:vaadin-board-flow =2.0.1 - com.vaadin:vaadin-button-flow =1.0.0 - com.vaadin:vaadin-charts-flow =6.0.1 - com.vaadin:vaadin-checkbox-flow...
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 Vaadin 10.0.0 through 10.0.16, 1.1.0 prior to 2.0.0 Vaadin 11 through 13, 2.0.0 through 2.4.6 Vaadin 14.0.0 through 14.4.6, 3.0.0 prior to 5.0.0 Vaadin 15 prior to 18, and...
GHSA-C6C4-7X48-4CQP Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 Vaadin 10.0.0 through 10.0.16, 1.1.0 prior to 2.0.0 Vaadin 11 prior to 14, 2.0.0 through 2.4.6 Vaadin 14.0.0 through 14.4.6, 3.0.0 prior to 5.0.0 Vaadin 15 prior to 18, and...