CVE-2021-31411
CVE-2021-31411 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Vaadin | Flow | >= 2.0.9, < 2.5.3 |
| Vaadin | Flow | >= 3.0.0, <= 5.0.0 |
| Vaadin | Flow | >= 6.0.0, <= 6.0.6 |
| Vaadin | Vaadin | >= 14.0.3, < 14.5.3 |
| Vaadin | Vaadin | >= 15.0.0, < 19.0.5 |
References
- https://github.com/vaadin/flow/pull/10640 (Patch, Third Party Advisory)
- https://vaadin.com/security/cve-2021-31411 (Vendor Advisory)
Source: NVD / NIST
