3 matches found
Cross site request forgery (csrf)
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
com.alibaba.rsocket:alibaba-broker-server (=1.0.1), com.github.mcollovati.vertx:vaadin-flow-sockjs (>=18.0.0 <=19.0.0) +74 more potentially affected by CVE-2021-31408 via com.vaadin:flow-client (>=5.0.0 <=6.0.4)
com.vaadin:flow-client MAVEN version =5.0.0, =18.0.0, =18.0.0, =5.0.0, =5.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.7 and more Source cves: CVE-2021-31408 Source advisory: OSV:GHSA-6HGR-2G6Q-3RMC...
com.vaadin:flow (=6.0.0), com.vaadin:flow-client (=6.0.0) +95 more potentially affected by CVE-2021-31406 via com.vaadin:flow-server (=6.0.0)
com.vaadin:flow-server MAVEN version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.vaadin:flow-server and may be impacted: - com.vaadin:flow =6.0.0 - com.vaadin:flow-client =6.0.0 - com.vaadin:flow-component-demo-helpers =6.0.0 -...