CVE-2021-31403
maven/com.vaadin/flow-client
Information Exposure Through Discrepancy
A non-constant-time comparison of CSRF tokens in the UIDL request handler in com.vaadin:vaadin-server
allows an attacker to guess a security token via a timing attack.
All versions starting from 7.0.0 before 7.7.24, all versions starting from 8.0.0 before 8.12.3
Upgrade to version 7.7.24 or 8.12.3 or above.
2021-05-10
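
The kind of comparison this advisory concerns, shown as an added example in Java: an early-exit check next to a constant-time one. This is not Vaadin's code; the class and method names are hypothetical and the token values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added illustration only: names are hypothetical, not taken from vaadin-server.
public class CsrfTokenCheck {

    // Weak form: String.equals may return as soon as it finds a difference,
    // so the time taken can correlate with how much of the token matched.
    static boolean isValidEarlyExit(String expected, String supplied) {
        return expected != null && expected.equals(supplied);
    }

    // Hardened form: MessageDigest.isEqual compares the arrays in time that
    // does not depend on the position of the first differing byte.
    // Token length is not treated as secret here (tokens are fixed-length).
    static boolean isValidConstantTime(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false; // a missing token is always rejected
        }
        byte[] a = expected.getBytes(StandardCharsets.UTF_8);
        byte[] b = supplied.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(a, b);
    }

    public static void main(String[] args) {
        // Constructed sample values, not real tokens.
        String sessionToken = "3f1c9a52-0b7e-4d11-9c3a-5e8f2a6b7c90";
        String[] supplied = {
            sessionToken,                            // exact match
            "3f1c9a52-0b7e-4d11-9c3a-5e8f2a6b7c9X",  // differs in last char
            "Xf1c9a52-0b7e-4d11-9c3a-5e8f2a6b7c90",  // differs in first char
            "",                                      // empty
            null                                     // header absent
        };
        // Both checks agree on the verdict; only their timing behaviour differs.
        for (String s : supplied) {
            System.out.printf("%-40s earlyExit=%b constantTime=%b%n",
                    s, isValidEarlyExit(sessionToken, s),
                    isValidConstantTime(sessionToken, s));
        }
    }
}
```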