CVE-2021-31404
maven/com.vaadin/flow-client
Information Exposure Through Discrepancy
A non-constant-time comparison of CSRF tokens in the UIDL request handler in com.vaadin:flow-server
allows an attacker to guess a security token via a timing attack.
All versions starting from 10.0.0 before 10.0.17, all versions starting from 11.0.0 before 18.0.6
Upgrade to version 10.0.17 or 18.0.6 or above.
2021-05-10
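
The discrepancy described above, next to a constant-time check, as an added example that is not Vaadin's code or its patch. The class name, method names and token values are hypothetical, and the early-exit loop is an assumed model of a comparison such as `String.equals`, not the affected code itself.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class CsrfTokenCompare {

    // Models an early-exit comparison (such as String.equals) and returns how
    // many bytes it inspects before deciding. The count grows with the length
    // of the matching prefix, which is the timing discrepancy.
    static int earlyExitSteps(byte[] expected, byte[] supplied) {
        if (expected.length != supplied.length) return 0;
        int steps = 0;
        for (int i = 0; i < expected.length; i++) {
            steps++;
            if (expected[i] != supplied[i]) break;
        }
        return steps;
    }

    // Hardened check: MessageDigest.isEqual examines every byte instead of
    // stopping at the first mismatch, so its running time depends only on the
    // input length, not on how much of the supplied token is correct.
    static boolean tokenMatches(String expected, String supplied) {
        if (expected == null || supplied == null) return false;
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample values, not real tokens.
        String sessionToken = "3f9c1a7e-0b52-4d88-9a61-7c2e5d104b6f";
        String[] supplied = {
            "00000000-0000-0000-0000-000000000000", // no matching prefix
            "3f9c0000-0000-0000-0000-000000000000", // first 4 characters match
            "3f9c1a7e-0b52-4d88-9a61-7c2e5d104b6f"  // correct token
        };
        byte[] exp = sessionToken.getBytes(StandardCharsets.UTF_8);
        for (String s : supplied) {
            int steps = earlyExitSteps(exp, s.getBytes(StandardCharsets.UTF_8));
            System.out.printf("%s early-exit bytes inspected=%d constant-time match=%b%n",
                    s, steps, tokenMatches(sessionToken, s));
        }
    }
}
```

When auditing application code for the same pattern, look for `equals` or hand-written loops applied to session, CSRF or API tokens and replace them with `MessageDigest.isEqual` on the encoded bytes.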