CVE-2021-31407

Description

A vulnerability in the OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9) and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows an attacker to access application classes and resources on the server via a crafted HTTP request.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 1.802

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2021-31407 are fixed in Vaadin-flow-server 2.4.8 | Windows
Vulnerabilities CVE-2021-31407, CVE-2021-31406 are fixed in Vaadin-flow-server 6.0.1 | Windows
Vulnerabilities CVE-2021-31407 are fixed in Vaadin-flow-server for Linux 2.4.8 | Linux
Vulnerabilities CVE-2021-31407, CVE-2021-31406 are fixed in Vaadin-flow-server for Linux 6.0.1 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234