Lucene search
+L

7 matches found

OSV
OSV
added 2021/04/23 5:15 p.m.33 views

CVE-2021-31408

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

7.1CVSS6.7AI score0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/04/23 4:7 p.m.43 views

CVE-2021-31408 Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

6.3CVSS7AI score0.00322EPSS
Exploits0References2
CVE
CVE
added 2021/04/23 4:7 p.m.99 views

CVE-2021-31408

The CVE-2021-31408 issue affects vaadin:flow-client: versions 5.0.0 prior to 6.0.0 (Vaadin 18) and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3). The root cause is an incorrect HTTP method in Authentication.logout() combined with Spring Security CSRF protection, which, according to the provi...

7.1CVSS6.3AI score0.00322EPSS
Exploits0References2Affected Software2
vulnersOsv
vulnersOsv
added 2021/04/22 4:11 p.m.6 views

com.alibaba.rsocket:alibaba-broker-server (=1.0.1), com.github.mcollovati.vertx:vaadin-flow-sockjs (>=18.0.0 <=19.0.0) +74 more potentially affected by CVE-2021-31408 via com.vaadin:flow-client (>=5.0.0 <=6.0.4)

com.vaadin:flow-client MAVEN version =5.0.0, =18.0.0, =18.0.0, =5.0.0, =5.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.7 and more Source cves: CVE-2021-31408 Source advisory: OSV:GHSA-6HGR-2G6Q-3RMC...

7.1CVSS7AI score0.00322EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/04/22 4:11 p.m.65 views

Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

7.1CVSS3.4AI score0.00322EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/04/22 4:11 p.m.21 views

GHSA-MR8H-J9CV-4M8H Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

6.3CVSS6.7AI score0.00322EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/04/22 4:11 p.m.59 views

Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

7.1CVSS3.4AI score0.00322EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder