GHSA-25xc-jwfq-39jw

Опубликовано: 19 апр. 2021

Источник: github

Github: Прошло ревью

CVSS3: 8.6

Описание

OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.

https://vaadin.com/security/cve-2021-31407

Ссылки

Пакеты

Наименование

com.vaadin:flow-server

maven

Затронутые версииВерсия исправления

>= 1.2.0, <= 2.4.7

2.4.8

Наименование

com.vaadin:flow-server

maven

Затронутые версииВерсия исправления

= 6.0.0

6.0.1

EPSS

Процентиль: 82%

0.01802

Низкий

8.6 High

CVSS3

CVE ID

CVE-2021-31407

Дефекты

CWE-402

CWE-668

Связанные уязвимости

CVE-2021-31407

CVSS3: 8.6

nvd

больше 4 лет назад

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.

EPSS

Процентиль: 82%

0.01802

Низкий

8.6 High

CVSS3

CVE ID

CVE-2021-31407

Дефекты

CWE-402

CWE-668