CVE-2021-31404
maven/com.vaadin/flow
Information Exposure Through Discrepancy
Non-constant-time comparison of CSRF tokens in the UIDL request handler in com.vaadin:flow-server allows an attacker to guess a security token via a timing attack.
All versions starting from 1.0.0 before 1.0.14, all versions starting from 1.1.0 before 5.0.0
Upgrade to versions 1.0.14, 5.0.0 or above.
2021-05-03
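The weakness class described above, shown as an added example that is not code from Vaadin Flow or from this advisory: an early-exit string comparison beside a constant-time one. The class name, method names and sample token are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration; names are hypothetical and not taken from flow-server.
public class CsrfTokenCheck {

    // Weak form: String.equals stops at the first differing character, so the
    // time taken depends on how much of the supplied value is already correct.
    static boolean leakyMatches(String expected, String supplied) {
        return expected != null && expected.equals(supplied);
    }

    // Hardened form: MessageDigest.isEqual inspects every byte, so the time
    // taken does not depend on the position of the first mismatch.
    static boolean constantTimeMatches(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false; // a missing token never validates
        }
        byte[] a = expected.getBytes(StandardCharsets.UTF_8);
        byte[] b = supplied.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(a, b);
    }

    public static void main(String[] args) {
        // Constructed sample: a random per-session token, 128 bits, URL-safe.
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        String sessionToken = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);

        // Same token with only the last character changed.
        char last = sessionToken.charAt(sessionToken.length() - 1);
        String nearMiss = sessionToken.substring(0, sessionToken.length() - 1)
                + (last == 'A' ? 'B' : 'A');

        // Both checks agree on the result; only their timing behaviour differs.
        String[] candidates = { sessionToken, nearMiss, "", null };
        for (String c : candidates) {
            System.out.printf("supplied=%s leaky=%b constantTime=%b%n",
                    c == null ? "null" : "\"" + c + "\"",
                    leakyMatches(sessionToken, c),
                    constantTimeMatches(sessionToken, c));
        }
    }
}
```

When reviewing code for this weakness, look for security tokens compared with `String.equals`, `Arrays.equals` or a hand-written loop that returns on the first mismatch.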