19 matches found
EUVD-2021-0848
Malware in sbrugna...
Security Bulletin: IBM Security Verify Governance is vulnerable to sensitive information exposure and denial of service (CVE-2021-31403, CVE-2021-33609)
Summary IBM Security Verify Governance is vulnerable to sensitive information exposure and denial of service due to vulnerabilities in Vaadin JAR. The fix involves upgrading the Vaadin JAR to the patched version. Vulnerability Details CVEID:CVE-2021-31403 DESCRIPTION: Vaadin could allow a local...
Vaadin flow has an unspecified vulnerability
Vaadin flow is an application. vaadin platform Java framework for building modern websites that look good, perform well and keep you and your users happy. vaadin: flow-server versions 3.0.0 through 5.0.3 have a security vulnerability that can be exploited by attackers to guess the security token ...
CVE-2021-31408
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
CVE-2021-31408
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
Cross site request forgery (csrf)
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
CVE-2021-31406
Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 Vaadin 15.0.0 through 18.0.6, and com.vaadin:fusion-endpoint version 6.0.0 Vaadin 19.0.0 allows attacker to guess a security token for Fusion endpoints via timing attack...
CVE-2021-31408
The CVE-2021-31408 issue affects vaadin:flow-client: versions 5.0.0 prior to 6.0.0 (Vaadin 18) and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3). The root cause is an incorrect HTTP method in Authentication.logout() combined with Spring Security CSRF protection, which, according to the provi...
CVE-2021-31408 Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
CVE-2021-31406 Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 Vaadin 15.0.0 through 18.0.6, and com.vaadin:fusion-endpoint version 6.0.0 Vaadin 19.0.0 allows attacker to guess a security token for Fusion endpoints via timing attack...
Vaadin flow 安全漏洞
Vaadin flow is an application. vaadin platform Java framework for building modern websites that look good, perform well and keep you and your users happy. vaadin: flow-server versions 3.0.0 through 5.0.3 have a security vulnerability that can be exploited by attackers to guess the security token ...
Vaadin flow 代码问题漏洞
Vaadin flow is a software application. a Java framework for the Vaadin platform for building modern websites that look great, perform well and keep you and your users happy. A code issue vulnerability exists in vaadin:flow-client that allows a local attacker to access Fusion endpoints after a use...
GHSA-6HGR-2G6Q-3RMC Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
GHSA-MR8H-J9CV-4M8H Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
Information Disclosure
flow-server is vulnerable to information disclosure. Non-constant-time comparison of CSRF tokens in endpoint request handler allows an attacker to discover a security token for Fusion endpoints via timing attack...
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 Vaadin 15.0.0 through 18.0.6, and com.vaadin:fusion-endpoint version 6.0.0 Vaadin 19.0.0 allows attacker to guess a security token for Fusion endpoints via timing attack....
GHSA-P7JQ-V8JP-J424 Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 Vaadin 15.0.0 through 18.0.6, and com.vaadin:fusion-endpoint version 6.0.0 Vaadin 19.0.0 allows attacker to guess a security token for Fusion endpoints via timing attack....
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 Vaadin 15.0.0 through 18.0.6, and com.vaadin:fusion-endpoint version 6.0.0 Vaadin 19.0.0 allows attacker to guess a security token for Fusion endpoints via timing attack....