CVE-2021-31407
maven/com.vaadin/flow-client
Exposure of Resource to Wrong Sphere
A vulnerability in OSGi integration in com.vaadin:flow-server
allows attacker to access application classes and resources on the server via crafted HTTP request.
All versions starting from 12.0.0 before 14.4.10, all versions starting from 19.0.0 before 19.0.1
Upgrade to version 14.4.10 or 19.0.1 or above.
2021-05-10
source |