Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-31411

Good to know:

icon

Date: May 5, 2021

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.

Language: Java

Severity Score

Related Resources (5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31411
https://vaadin.com/security/cve-2021-31411
https://github.com/vaadin/platform/security/advisories/GHSA-p826-8vhq-h439
https://github.com/vaadin/flow/pull/10640
https://www.mend.io/vulnerability-database/CVE-2021-31411

Severity Score

Weakness Type (CWE)

Creation of Temporary File in Directory with Insecure Permissions

CWE-379

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us