CVE-2021-31404
maven/com.vaadin/vaadin-server
Information Exposure Through Discrepancy
A non-constant-time comparison of CSRF tokens in the UIDL request handler in com.vaadin:flow-server
allows an attacker to guess the security token via a timing attack: because the comparison stops at the first mismatching byte, the time a request takes reveals how many leading bytes of a guessed token are correct, so the token can be recovered incrementally rather than by brute force.
Affected versions: 10.0.0 up to but not including 10.0.17, and 11.0.0 up to but not including 18.0.6.
Remediation: upgrade to 10.0.17 or later on the 10.x line, or to 18.0.6 or later.
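As an added illustration (not code from Vaadin, flow-server, or the advisory), the two comparison shapes at issue, side by side. The token value and the attacker's guesses are constructed; the instrumented comparison counter stands in for the response-time measurement an attacker would actually take, since operation count is the quantity that timing exposes:

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added example, not Vaadin's code: contrasts an early-exit token comparison with a
// constant-time one. The token and the guesses below are constructed for illustration.
public class CsrfTokenCompare {

    // Vulnerable shape: returns at the first mismatching byte, so the work done
    // (and therefore the response time) grows with the length of the correct prefix.
    static boolean earlyExitEquals(byte[] expected, byte[] supplied) {
        if (expected.length != supplied.length) {
            return false;
        }
        for (int i = 0; i < expected.length; i++) {
            if (expected[i] != supplied[i]) {
                return false;
            }
        }
        return true;
    }

    // Hardened shape: touches every byte and accumulates differences with OR, so the
    // running time does not depend on where the first mismatch is.
    // java.security.MessageDigest.isEqual(byte[], byte[]) provides the same behaviour
    // in the JDK and is the drop-in replacement to reach for.
    static boolean constantTimeEquals(byte[] expected, byte[] supplied) {
        if (expected.length != supplied.length) {
            return false; // token length is fixed and public, so this branch leaks nothing useful
        }
        int diff = 0;
        for (int i = 0; i < expected.length; i++) {
            diff |= expected[i] ^ supplied[i];
        }
        return diff == 0;
    }

    // Instrumented copy of earlyExitEquals that counts byte comparisons instead of
    // measuring wall-clock time: this count is the signal a timing attack observes.
    static int earlyExitComparisons(byte[] expected, byte[] supplied) {
        int count = 0;
        int limit = Math.min(expected.length, supplied.length);
        for (int i = 0; i < limit; i++) {
            count++;
            if (expected[i] != supplied[i]) {
                break;
            }
        }
        return count;
    }

    // Length of the common prefix of two byte arrays (used only to label the output).
    static int prefixLength(byte[] a, byte[] b) {
        int n = 0;
        while (n < a.length && n < b.length && a[n] == b[n]) {
            n++;
        }
        return n;
    }

    public static void main(String[] args) {
        // Constructed token: 32 hex characters standing in for a random CSRF token.
        byte[] token = "9f2c4b7e1a6d3e8cb5f7a2d9e4c1b6a0".getBytes(StandardCharsets.US_ASCII);

        // Constructed guesses of the same length with 0, 8 and 16 correct leading characters.
        String[] guesses = {
            "00000000000000000000000000000000",
            "9f2c4b7e000000000000000000000000",
            "9f2c4b7e1a6d3e8c0000000000000000",
        };

        for (String g : guesses) {
            byte[] guess = g.getBytes(StandardCharsets.US_ASCII);
            System.out.printf("correct prefix %2d: early-exit comparisons %2d, early-exit %b, constant-time %b%n",
                    prefixLength(token, guess),
                    earlyExitComparisons(token, guess),
                    earlyExitEquals(token, guess),
                    constantTimeEquals(token, guess));
        }

        // MessageDigest.isEqual is the JDK routine to use instead of hand-rolled loops.
        System.out.println("MessageDigest.isEqual on the true token: "
                + MessageDigest.isEqual(token, token.clone()));
    }
}
```

Running it shows the early-exit comparison count rising with each guess that extends the correct prefix, while both hardened comparisons perform identical work for every guess. That rising count is the oracle an attacker measures over the network to confirm one byte of the token at a time; replacing the comparison with a constant-time one removes it.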
2021-05-10