High severity · NVD Advisory · Published May 5, 2021 · Updated Sep 17, 2024
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
CVE-2021-31409
Description
Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.vaadin:vaadin-compatibility-server (Maven) | >= 8.0.0, < 8.13.0 | 8.13.0 |
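
To check a build against the affected range in the table above, the following added example (not part of the advisory or of Vaadin's code) scans `mvn dependency:tree` output for the artifact. The sample lines and function names are constructed for illustration, and versions carrying qualifiers are flagged for manual review rather than compared.

```python
import re

# Coordinates and version range taken from the advisory table.
ARTIFACT = "com.vaadin:vaadin-compatibility-server"
FIRST_AFFECTED = (8, 0, 0)
FIRST_PATCHED = (8, 13, 0)

# group:artifact:type[:classifier]:version:scope, as printed by `mvn dependency:tree`.
COORD = re.compile(
    r"(?<![\w.-])" + re.escape(ARTIFACT)
    + r":[\w.-]+(?::[\w.-]+)?:(?P<version>[\w.-]+):(?P<scope>\w+)"
)

# Constructed sample lines, as if collected from two different modules.
SAMPLE = """\
[INFO] com.example:demo:war:1.0.0
[INFO] +- com.vaadin:vaadin-server:jar:8.12.4:compile
[INFO] +- com.vaadin:vaadin-compatibility-server:jar:8.12.4:compile
[INFO] \\- com.vaadin:vaadin-compatibility-server:jar:8.13.0:test
"""

def parse_version(text):
    """Return (major, minor, patch) for plain numeric versions, else None."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None  # qualifiers such as -SNAPSHOT or .beta1 are not ordered here
    return tuple(int(part or 0) for part in m.groups())

def classify(version_text):
    """Map a version string to 'affected', 'not-affected' or 'review'."""
    version = parse_version(version_text)
    if version is None:
        return "review"
    in_range = FIRST_AFFECTED <= version < FIRST_PATCHED
    return "affected" if in_range else "not-affected"

def scan(tree_output):
    """Return (version, scope, verdict) for each occurrence of the artifact."""
    findings = []
    for line in tree_output.splitlines():
        m = COORD.search(line)
        if m:
            version = m.group("version")
            findings.append((version, m.group("scope"), classify(version)))
    return findings

if __name__ == "__main__":
    for version, scope, verdict in scan(SAMPLE):
        print(f"{ARTIFACT}:{version} ({scope}): {verdict}")
```
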
Affected products
- Vaadin/vaadin-compatibility-server, v5, Range: 8.0.0
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-c332-w4jm-55wv (Advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-31409 (Advisory)
- github.com/vaadin/framework/issues/12240 (Web)
- github.com/vaadin/framework/pull/12241 (Web)
- github.com/vaadin/framework/security/advisories/GHSA-c332-w4jm-55wv (Web)
- vaadin.com/security/cve-2021-31409 (Web)