CVE-2021-31411
Description
Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.049
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2021-31411 is fixed in Vaadin - vaadin-bom 14.5.3 | Windows |
| CVE-2021-31411 is fixed in Vaadin - vaadin-bom 19.0.5 | Windows |
| CVE-2021-31411 is fixed in Vaadin - vaadin-bom for Linux 14.5.3 | Linux |
| CVE-2021-31411 is fixed in Vaadin - vaadin-bom for Linux 19.0.5 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234