CVE-2021-31407

Exposure of Resource to Wrong Sphere in maven/com.vaadin/flow-client

Identifier

CVE-2021-31407

Package Slug

maven/com.vaadin/flow-client

Vulnerability

Exposure of Resource to Wrong Sphere

Description

A vulnerability in OSGi integration in com.vaadin:flow-server allows attacker to access application classes and resources on the server via crafted HTTP request.

Affected Versions

All versions starting from 12.0.0 before 14.4.10, all versions starting from 19.0.0 before 19.0.1

Solution

Upgrade to version 14.4.10 or 19.0.1 or above.

Last Modified

2021-05-10

source