← volver
CVE-2021-31403

Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8

CVSS 4 MEDIUMEPSS 0.3%CWE-208
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Productos afectados
Vaadin · VaadinVaadin · vaadin-server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/vaadin/framework/pull/12188https://github.com/vaadin/framework/pull/12190https://vaadin.com/security/cve-2021-31403