High severityNVD Advisory· Published May 5, 2021· Updated Sep 16, 2024
Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19
CVE-2021-31411
Description
Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.vaadin:vaadin-bomMaven | >= 14.0.3, < 14.5.3 | 14.5.3 |
com.vaadin:vaadin-bomMaven | >= 15.0.0, < 19.0.5 | 19.0.5 |
Affected products
2- Vaadin/flow-serverv5Range: 2.0.9
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-p826-8vhq-h439ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-31411ghsaADVISORY
- github.com/vaadin/flow/pull/10640ghsax_refsource_CONFIRMWEB
- github.com/vaadin/platform/security/advisories/GHSA-p826-8vhq-h439ghsaWEB
- vaadin.com/security/cve-2021-31411ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.