CVE-2021-31403
Package: maven/com.vaadin/vaadin-server
Weakness: Information Exposure Through Discrepancy
Description: Non-constant-time comparison of CSRF tokens in the UIDL request handler in com.vaadin:vaadin-server allows an attacker to guess a security token via a timing attack.
Affected versions: all versions from 7.0.0 before 7.7.24, and all versions from 8.0.0 before 8.12.3
Patched versions: upgrade to 7.7.24, 8.12.3, or higher.
Date: 2021-05-07
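The weakness class named above is a token comparison whose running time depends on how many leading bytes match. The following Java snippet is an added illustration, not Vaadin's code and not the patch referenced by this advisory; the class and method names are hypothetical and the token value is constructed for the demo. It places the leaky early-exit comparison beside the constant-time form using the standard java.security.MessageDigest.isEqual.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added illustration with hypothetical names; not the project's own code.
public final class CsrfTokenCheck {

    // Leaky pattern: String.equals returns at the first differing character,
    // so the time taken reveals how many leading characters of the guess
    // matched the real token.
    static boolean equalsLeaky(String expected, String received) {
        return expected.equals(received);
    }

    // Hardened pattern: MessageDigest.isEqual walks every byte of two
    // equal-length arrays regardless of where the first mismatch is, so the
    // running time no longer depends on the token's content. A length
    // mismatch still returns early, which is acceptable because the token
    // length is fixed by the server and is not secret.
    static boolean equalsConstantTime(String expected, String received) {
        if (expected == null || received == null) {
            return false;
        }
        byte[] a = expected.getBytes(StandardCharsets.UTF_8);
        byte[] b = received.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(a, b);
    }

    public static void main(String[] args) {
        // Constructed sample token for the demo; a real token comes from the session.
        String sessionToken = "d4f7c1a0-constructed-demo-token";
        String goodGuess = sessionToken;
        String badGuess = "d4f7c1a0-constructed-demo-tokeX";
        System.out.println("constant-time, matching token: " + equalsConstantTime(sessionToken, goodGuess));
        System.out.println("constant-time, wrong token:    " + equalsConstantTime(sessionToken, badGuess));
    }
}
```

When reviewing a request handler for this class of bug, look for `String.equals`, `Arrays.equals` on secrets, or hand-written loops that `return false` inside the loop; each of these is the leaky shape shown in `equalsLeaky`.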