CVE-2021-31407
maven/com.vaadin/vaadin-server
Exposure of Resource to Wrong Sphere
A vulnerability in the OSGi integration in com.vaadin:flow-server
allows attackers to access application classes and resources on the server via crafted HTTP request.
All versions starting from 12.0.0 before 14.4.10, all versions starting from 19.0.0 before 19.0.1
Upgrade to version 14.4.10 or 19.0.1 or above.
2021-05-10
source |