CVE-2021-31407

Sažetak

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.

Reference

https://github.com/vaadin/flow/pull/10269
https://vaadin.com/security/cve-2021-31407
https://github.com/vaadin/flow/pull/10229
https://github.com/vaadin/osgi/issues/50

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

12-08-2022 - 18:02

Objavljeno

23-04-2021 - 16:15