CVE-2021-31406
maven/com.vaadin/flow-server
Information Exposure Through Discrepancy
Non-constant-time comparison of CSRF tokens in the endpoint request handler in com.vaadin:flow-server
allows an attacker to guess a security token for Fusion endpoints via a timing attack.
All versions starting from 3.0.0 through 5.0.3
Upgrade to version 5.0.4 or above.
2021-05-07
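The weakness class described above, shown as an added example (not Vaadin's code and not taken from the advisory): an early-exit token comparison does work proportional to the matching prefix, while a comparison through `MessageDigest.isEqual` does not. The class name, method names and the sample token are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class CsrfTokenCompare {

    // Early-exit comparison (the String.equals pattern). Returns how many
    // characters were inspected: the count grows with the matching prefix,
    // which is the discrepancy a timing measurement can observe.
    static int earlyExitSteps(String expected, String supplied) {
        if (supplied == null || supplied.length() != expected.length()) {
            return 0;
        }
        int steps = 0;
        for (int i = 0; i < expected.length(); i++) {
            steps++;
            if (expected.charAt(i) != supplied.charAt(i)) {
                break;
            }
        }
        return steps;
    }

    // Hardened check: MessageDigest.isEqual does not stop at the first
    // differing byte, so the work done does not depend on how much of the
    // supplied token is correct. A missing token is rejected up front.
    static boolean tokensMatch(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String expected = "a1b2c3d4e5f6"; // constructed sample token
        String[] supplied = { "000000000000", "a1b2c3000000", "a1b2c3d4e5f6", null };
        for (String s : supplied) {
            System.out.printf("%-14s earlyExitSteps=%2d tokensMatch=%b%n",
                    s, earlyExitSteps(expected, s), tokensMatch(expected, s));
        }
    }
}
```

When reviewing other request handlers for the same flaw, look for security tokens compared with `String.equals`, `Arrays.equals` or a hand-written loop that returns on the first mismatch.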