High severityNVD Advisory· Published May 5, 2021· Updated Sep 16, 2024
Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19
CVE-2021-31411
Description
Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.vaadin:vaadin-bomMaven | >= 14.0.3, < 14.5.3 | 14.5.3 |
com.vaadin:vaadin-bomMaven | >= 15.0.0, < 19.0.5 | 19.0.5 |
Affected products
3- Range: 2.0.9
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-p826-8vhq-h439ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-31411ghsaADVISORY
- github.com/vaadin/flow/pull/10640ghsax_refsource_CONFIRMWEB
- github.com/vaadin/platform/security/advisories/GHSA-p826-8vhq-h439ghsaWEB
- vaadin.com/security/cve-2021-31411ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.