Lucene search
Veracode Vulnerability DatabaseVERACODE:30047HistoryApr 20, 2021 - 7:32 a.m.
Information Disclosure
2021-04-2007:32:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.0004 Low
EPSS
Percentile
12.7%
flow-server is vulnerable to information disclosure. Non-constant-time comparison of CSRF tokens in UIDL request handler allows an attacker to discover a security token via a timing attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| flow server | le | 2.4.6 | |
| flow server | le | 1.0.13 | |
| flow server | le | 5.0.2 |
Related
github
github
osv
osv
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
2021-04-19 14:51:25
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
2021-04-19 14:47:47
CVE-2021-31404
2021-04-23 16:15:08
prion
prion
Cross site request forgery (csrf)
2021-04-23 16:15:00
nvd
nvd
CVE-2021-31404
2021-04-23 16:15:08
cvelist
cvelist
vaadin
vaadin
cve
cve
CVE-2021-31404
2021-04-23 16:15:08