Flow@1.1.0 Security Vulnerabilities and Issues — Flow@1.1.0 CVE List

Lucene search

VaadinFlow1.1.0

3 matches found

CVE•added 2021/04/23 4:15 p.m.•66 views

CVE-2021-31404

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18)...

4CVSS3.6AI score0.00049EPSS

CVE•added 2021/06/24 12:15 p.m.•65 views

CVE-2021-31412

Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through ...

5.3CVSS5.1AI score0.00938EPSS

CVE•added 2021/04/23 4:15 p.m.•63 views

CVE-2019-25027

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL

6.1CVSS6.2AI score0.00371EPSS