Lucene search
+L

5 matches found

CVE
CVE
added 2021/04/23 4:5 p.m.83 views

CVE-2021-31404

The CVE-2021-31404 issue affects com.vaadin:flow-server (Vaadin) where the UIDL request handler uses a non-constant-time comparison for CSRF tokens. This timing discrepancy enables an attacker to guess the security token. Affected versions span Vaadin Flow Server 1.0.0–1.0.13 (Vaadin 10.0.0–10.0....

4CVSS3.6AI score0.0021EPSS
Exploits0References2Affected Software2
vulnersOsv
vulnersOsv
added 2021/04/19 2:51 p.m.5 views

com.beirtipol:jfixtools-reporting (=1.0-BETA), com.beirtipol:jfixtools-ui-vaadin (=1.0-BETA) +107 more potentially affected by CVE-2021-31404 via com.vaadin:flow-server (>=3.0.0 <=5.0.2)

com.vaadin:flow-server MAVEN version =3.0.0, =1.1.6, =15.0.0, =15.0.0, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.0.0, =5.0.2 and more Source cves: CVE-2021-31404 Source advisory: OSV:GHSA-XWG3-QRCG-W9X6...

4CVSS5.8AI score0.0021EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/04/19 2:51 p.m.5 views

com.vaadin:flow (>=1.0.0 <=1.0.13), com.vaadin:flow-client (>=1.0.0 <=1.0.13) +30 more potentially affected by CVE-2021-31404 via com.vaadin:flow-server (>=1.0.0 <=1.0.13)

com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =10.0.13, =10.0.17 - com.vaadin:vaadin-board-flow =2.0.1 - com.vaadin:vaadin-button-flow =1.0.0 - com.vaadin:vaadin-charts-flow =6.0.1 - com.vaadin:vaadin-checkbox-flow...

4CVSS5.8AI score0.0021EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/04/19 2:51 p.m.74 views

Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 Vaadin 10.0.0 through 10.0.16, 1.1.0 prior to 2.0.0 Vaadin 11 through 13, 2.0.0 through 2.4.6 Vaadin 14.0.0 through 14.4.6, 3.0.0 prior to 5.0.0 Vaadin 15 prior to 18, and...

4CVSS3.7AI score0.0021EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/04/19 2:47 p.m.15 views

GHSA-C6C4-7X48-4CQP Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 Vaadin 10.0.0 through 10.0.16, 1.1.0 prior to 2.0.0 Vaadin 11 prior to 14, 2.0.0 through 2.4.6 Vaadin 14.0.0 through 14.4.6, 3.0.0 prior to 5.0.0 Vaadin 15 prior to 18, and...

4CVSS3.8AI score0.0021EPSS
Exploits0References3
Rows per page
Query Builder