CVE-2021-31407

Exposure of Resource to Wrong Sphere in maven/com.vaadin/vaadin-server

Identifiers

CVE-2021-31407

Package Slug

maven/com.vaadin/vaadin-server

Vulnerability

Exposure of Resource to Wrong Sphere

Description

A vulnerability in the OSGi integration in com.vaadin:flow-server allows attackers to access application classes and resources on the server via a crafted HTTP request.

Affected Versions

All versions starting from 12.0.0 before 14.4.10, all versions starting from 19.0.0 before 19.0.1

Solution

Upgrade to version 14.4.10 or 19.0.1 or above.

Last Modified

2021-05-10
