VYPR
High severityNVD Advisory· Published May 5, 2021· Updated Sep 17, 2024

Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

CVE-2021-31409

Description

Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.vaadin:vaadin-compatibility-serverMaven
>= 8.0.0, < 8.13.08.13.0

Affected products

3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.