Количество 2
Количество 2
CVE-2021-31403
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack
GHSA-75xc-qvxh-27f8
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-31403 Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack | CVSS3: 4 | 0% Низкий | почти 5 лет назад |
| GHSA-75xc-qvxh-27f8 Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 | CVSS3: 4 | 0% Низкий | почти 5 лет назад |
Уязвимостей на страницу