Description
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0), allows an attacker to access application classes and resources on the server via a crafted HTTP request.
Related CPEs
a · vaadin · flow · 2
a · vaadin · vaadin · 2
References
https://github.com/vaadin/flow/pull/10229
Patch, Third Party Advisory
https://github.com/vaadin/flow/pull/10269
Patch, Third Party Advisory
https://github.com/vaadin/osgi/issues/50
Patch, Third Party Advisory
https://vaadin.com/security/cve-2021-31407
Vendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 · High
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-04-23T16:15:08.767
Last modified
2022-08-12T18:02:01.923