CVE-2021-31411 – com.vaadin:vaadin-bom

Package

Manager: maven
Name: com.vaadin:vaadin-bom
Vulnerable Version: >=14.0.3 <14.5.3 || >=15.0.0 <19.0.5

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00049 pctl0.14781

Details

Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19 Insecure temporary directory usage in frontend build functionality of `com.vaadin:flow-server` versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds. - https://vaadin.com/security/cve-2021-31411

Metadata

Created: 2021-05-06T15:27:12Z
Modified: 2021-05-19T17:41:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-p826-8vhq-h439/GHSA-p826-8vhq-h439.json
CWE IDs: ["CWE-379"]
Alternative ID: GHSA-p826-8vhq-h439
Finding: F028
Auto approve: 1