Flow@2.0.0 Security Vulnerabilities and Issues — Flow@2.0.0 CVE List

Lucene search

VaadinFlow2.0.0

3 matches found

CVE•added 2021/04/23 4:15 p.m.•66 views

CVE-2021-31404

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18)...

4CVSS3.6AI score0.00049EPSS

CVE•added 2021/06/24 12:15 p.m.•65 views

CVE-2021-31412

Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through ...

5.3CVSS5.1AI score0.00938EPSS

CVE•added 2021/04/23 4:15 p.m.•62 views

CVE-2020-36321

Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker to request arbitrary files stored outside of intended frontend resources folder.

7.5CVSS6.4AI score0.00551EPSS