CVE-2021-31408

Insufficient Session Expiration in maven/com.vaadin/flow-client

Identifiers

CVE-2021-31408

Package Slug

maven/com.vaadin/flow-client

Vulnerability

Insufficient Session Expiration

Description

Authentication.logout() helper in com.vaadin:flow-client uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.

Affected Versions

All versions starting from 5.0.0 through 6.0.4

Solution

Upgrade to version 6.0.5 or above

Last Modified

2021-05-07

source