WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-31407 Vulnerability in maven package com.vaadin:flow-server

Description

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.

Remediation

References

https://github.com/vaadin/flow/pull/10229

https://github.com/vaadin/flow/pull/10269

https://github.com/vaadin/osgi/issues/50

https://vaadin.com/security/cve-2021-31407

Related Vulnerabilities

CVE-2022-24740 Vulnerability in npm package @plone/volto

CVE-2023-24815 Vulnerability in maven package io.vertx:vertx-web

CVE-2023-44487 Vulnerability in maven package io.netty:netty-codec-http2

CVE-2023-39153 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-oauth

CVE-2022-44262 Vulnerability in maven package org.ff4j:ff4j-core

Severity

High

Classification

CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Third Party Advisory Vendor Advisory