CVE-2021-31406

Information Exposure Through Discrepancy in maven/com.vaadin/flow

Identifiers

CVE-2021-31406

Package Slug

maven/com.vaadin/flow

Vulnerability

Information Exposure Through Discrepancy

Description

Non-constant-time comparison of CSRF tokens in the endpoint request handler allows an attacker to guess a security token for Fusion endpoints via a timing attack.
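The bug class described above, as an added illustration that is not Vaadin's own code: a token check built on String.equals() stops at the first mismatching byte, so response time leaks how much of the token prefix was correct, while MessageDigest.isEqual compares the full length. The class, method names and sample tokens below are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Hypothetical illustration of the weakness behind CVE-2021-31406 and its fix.
// This is not the Vaadin Flow handler; names and tokens are constructed for the example.
public final class CsrfTokenCheck {

    // Vulnerable pattern: String.equals() returns as soon as a byte differs,
    // so the elapsed time correlates with the number of leading bytes that matched.
    static boolean unsafeTokenMatches(String expected, String supplied) {
        return expected.equals(supplied);
    }

    // Hardened pattern: MessageDigest.isEqual examines every byte of equal-length
    // inputs regardless of where the first difference lies (constant time since Java 6u17).
    // A length mismatch still returns early; CSRF tokens have a fixed length,
    // so that reveals nothing the attacker does not already know.
    static boolean constantTimeTokenMatches(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        byte[] a = expected.getBytes(StandardCharsets.UTF_8);
        byte[] b = supplied.getBytes(StandardCharsets.UTF_8);
        return a.length == b.length && MessageDigest.isEqual(a, b);
    }

    public static void main(String[] args) {
        // Constructed sample tokens. In a real handler the expected token comes from
        // the session and the supplied one from the request (header or body).
        String expected   = "d3f1c0de-0000-4000-8000-000000000001";
        String wrongAtEnd = "d3f1c0de-0000-4000-8000-000000000002";

        // Both calls reject the token; only the second does so in time
        // independent of the position of the first differing byte.
        System.out.println("unsafe:        " + unsafeTokenMatches(expected, wrongAtEnd));
        System.out.println("constant-time: " + constantTimeTokenMatches(expected, wrongAtEnd));
    }
}
```

When reviewing similar handlers, look for equals()/compareTo() on secrets in the request path and replace them with MessageDigest.isEqual or an equivalent constant-time routine.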

Affected Versions

All versions from 3.0.0 up to but not including 5.0.4, and version 6.0.0

Solution

Upgrade to versions 5.0.4, 6.0.1 or above.

Last Modified

2021-05-03
