CVE-2021-31403
CVSS v3.1: 2.5 (Low)
CVSS v2.0: 1.9 (Low)
EPSS: 0.05 % (18th)
Affected Products: 1
Advisories: 1
Non-constant-time comparison of CSRF tokens in the UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23) and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows an attacker to guess a security token via a timing attack.
- CVE Status: PUBLISHED
- CNA: Vaadin Ltd.
- Published Date: 2021-04-23 16:15:08 (3 years ago)
- Updated Date: 2021-04-30 19:00:07 (3 years ago)