High severity · NVD Advisory · Published May 5, 2021 · Updated Sep 17, 2024
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
CVE-2021-31409
Description
Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.vaadin:vaadin-compatibility-server (Maven) | >= 8.0.0, < 8.13.0 | 8.13.0 |
Affected products (3)
- Range: 8.0.0
References (6)
- github.com/advisories/GHSA-c332-w4jm-55wv (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-31409 (ghsa, ADVISORY)
- github.com/vaadin/framework/issues/12240 (ghsa, x_refsource_CONFIRM, WEB)
- github.com/vaadin/framework/pull/12241 (ghsa, x_refsource_CONFIRM, WEB)
- github.com/vaadin/framework/security/advisories/GHSA-c332-w4jm-55wv (ghsa, WEB)
- vaadin.com/security/cve-2021-31409 (ghsa, x_refsource_CONFIRM, WEB)