CVE-2021-31406
maven/com.vaadin/flow
Information Exposure Through Discrepancy
Non-constant-time comparison of CSRF tokens in the endpoint request handler allows an attacker to guess a security token for Fusion endpoints via a timing attack.
All versions from 3.0.0 up to (but not including) 5.0.4, and version 6.0.0.
Upgrade to versions 5.0.4, 6.0.1 or above.
2021-05-03
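The weakness class described above, shown as an added Java example that is not Vaadin Flow code or its patch: an early-exit token comparison beside a constant-time one. The class name `CsrfTokenCheck`, its methods, and the sample token are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration; names are hypothetical and not taken from Vaadin Flow.
public class CsrfTokenCheck {

    // Weak form: String.equals may return as soon as a difference is found,
    // so response time can depend on how much of the guess is correct.
    static boolean leakyMatches(String expected, String supplied) {
        return expected != null && expected.equals(supplied);
    }

    // Hardened form: MessageDigest.isEqual examines every byte of its first
    // argument, so timing does not depend on where the values differ.
    // The supplied value goes first: timing then tracks only its length,
    // which the caller already knows.
    static boolean constantTimeMatches(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false; // a missing token never matches
        }
        byte[] suppliedBytes = supplied.getBytes(StandardCharsets.UTF_8);
        byte[] expectedBytes = expected.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(suppliedBytes, expectedBytes);
    }

    // Constructed sample token: 32 random bytes, URL-safe Base64.
    static String newToken() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    public static void main(String[] args) {
        String sessionToken = newToken();
        // '!' is outside the Base64 URL alphabet, so this differs only in the last character.
        String nearMiss = sessionToken.substring(0, sessionToken.length() - 1) + "!";

        // Both methods return the same booleans; only their timing behaviour differs.
        for (String candidate : new String[] { sessionToken, nearMiss, "", null }) {
            System.out.printf("leaky=%b constantTime=%b%n",
                    leakyMatches(sessionToken, candidate),
                    constantTimeMatches(sessionToken, candidate));
        }
    }
}
```

When auditing for this pattern, look for `equals`, `equalsIgnoreCase`, or `Arrays.equals` applied to session tokens, CSRF tokens, MACs, or API keys in request-handling code.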