CVE-2021-31408
Insufficient Session Expiration in maven/com.vaadin/vaadin-server
Identifiers
CVE-2021-31408
Package Slug
maven/com.vaadin/vaadin-server
Vulnerability
Insufficient Session Expiration
Description
The Authentication.logout() helper in com.vaadin:flow-client uses an incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.
Affected Versions
All versions starting from 18.0.0 up to 19.0.4
Solution
Upgrade to version 19.0.4 or above
Last Modified
2021-05-10
| source |