CVE-2021-31407
maven/com.vaadin/flow-server
Exposure of Resource to Wrong Sphere
Vulnerability in OSGi integration in com.vaadin:flow-server allows an attacker to access application classes and resources on the server via a crafted HTTP request.
All versions from 1.2.0 through 2.4.7, and all versions from 6.0.0 through 6.0.1.
Upgrade to version 2.4.8, 6.0.2, or higher.
2021-05-07