Lucene search
+L

4 matches found

CVE
CVE
added 2021/04/23 4:5 p.m.105 views

CVE-2021-31407

Vulnerability: CVE-2021-31407 affects Vaadin’s OSGi integration in flow-server. Affected: com.vaadin:flow-server versions 1.2.0–2.4.7 (Vaadin 12.0.0–14.4.9) and 6.0.0–6.0.1 (Vaadin 19.0.0). Description: allows an attacker to access server-side application classes and resources via a crafted HTTP ...

8.6CVSS7.5AI score0.02382EPSS
Exploits0References4Affected Software2
vulnersOsv
vulnersOsv
added 2021/04/19 2:50 p.m.4 views

com.vaadin:flow (=6.0.0), com.vaadin:flow-client (=6.0.0) +95 more potentially affected by CVE-2021-31407 via com.vaadin:flow-server (=6.0.0)

com.vaadin:flow-server MAVEN version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.vaadin:flow-server and may be impacted: - com.vaadin:flow =6.0.0 - com.vaadin:flow-client =6.0.0 - com.vaadin:flow-component-demo-helpers =6.0.0 -...

8.6CVSS7.1AI score0.02382EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/04/19 2:50 p.m.58 views

OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request. -...

8.6CVSS4.1AI score0.02382EPSS
Exploits0References7Affected Software1
vulnersOsv
vulnersOsv
added 2021/04/19 2:50 p.m.6 views

ch.artaios:openchemlib-vaadin (>=1.0.0 <=3.0.0), ch.jubnl:vsecureflow (>=0.0.15 <=0.0.16) +655 more potentially affected by CVE-2021-31407 via com.vaadin:flow-server (>=1.2.0 <=2.4.7)

com.vaadin:flow-server MAVEN version =1.2.0, =1.0.0, =0.0.15, =2.1.1, =1.0.0, =1.0.0, =1.0.0, =0.1, =1.0.0, =1.4.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-31407 Source advisory: OSV:GHSA-25XC-JWFQ-39JW...

8.6CVSS7.1AI score0.02382EPSS
Exploits0
Rows per page
Query Builder