Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.vaadin/vaadin-bom@17.0.6
Typemaven
Namespacecom.vaadin
Namevaadin-bom
Version17.0.6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version20.0.6
Latest_non_vulnerable_version20.0.6
Affected_by_vulnerabilities
0
url VCID-4r96-z5zh-cubc
vulnerability_id VCID-4r96-z5zh-cubc
summary 
Exposure of Resource to Wrong Sphere
Improper sanitization of path in default `RouteNotFoundError` view allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for NotFoundException is provided.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31412
reference_id
reference_type
scores
0
value 0.00686
scoring_system epss
scoring_elements 0.72136
published_at 2026-06-05T12:55:00Z
1
value 0.00686
scoring_system epss
scoring_elements 0.72143
published_at 2026-06-06T12:55:00Z
2
value 0.00686
scoring_system epss
scoring_elements 0.72095
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31412
1
reference_url https://github.com/vaadin/flow/pull/11107
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/11107
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31412
reference_id CVE-2021-31412
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31412
3
reference_url https://vaadin.com/security/cve-2021-31412
reference_id CVE-2021-31412
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31412
4
reference_url https://github.com/advisories/GHSA-qrg9-f472-qwfm
reference_id GHSA-qrg9-f472-qwfm
reference_type
scores
url https://github.com/advisories/GHSA-qrg9-f472-qwfm
5
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-qrg9-f472-qwfm
reference_id GHSA-qrg9-f472-qwfm
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-qrg9-f472-qwfm
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@19.0.9
purl pkg:maven/com.vaadin/vaadin-bom@19.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hemz-191r-fyej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@19.0.9
aliases CVE-2021-31412, GHSA-qrg9-f472-qwfm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4r96-z5zh-cubc
1
url VCID-9fku-daga-ebgv
vulnerability_id VCID-9fku-daga-ebgv
summary 
Improper Neutralization
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33604
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17122
published_at 2026-06-06T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.17126
published_at 2026-06-05T12:55:00Z
2
value 0.00054
scoring_system epss
scoring_elements 0.1705
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33604
1
reference_url https://github.com/vaadin/flow
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow
2
reference_url https://github.com/vaadin/flow/pull/11099
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/11099
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33604
reference_id CVE-2021-33604
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33604
4
reference_url https://vaadin.com/security/cve-2021-33604
reference_id CVE-2021-33604
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-33604
5
reference_url https://github.com/advisories/GHSA-c99r-67x4-whj6
reference_id GHSA-c99r-67x4-whj6
reference_type
scores
url https://github.com/advisories/GHSA-c99r-67x4-whj6
6
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-c99r-67x4-whj6
reference_id GHSA-c99r-67x4-whj6
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-c99r-67x4-whj6
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@19.0.9
purl pkg:maven/com.vaadin/vaadin-bom@19.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hemz-191r-fyej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@19.0.9
aliases CVE-2021-33604, GHSA-c99r-67x4-whj6
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9fku-daga-ebgv
2
url VCID-bud2-81n2-wyhc
vulnerability_id VCID-bud2-81n2-wyhc
summary 
Insecure Temporary File
Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server allows local users to inject malicious code into frontend resources during application rebuilds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31411
reference_id
reference_type
scores
0
value 0.00049
scoring_system epss
scoring_elements 0.1561
published_at 2026-06-06T12:55:00Z
1
value 0.00049
scoring_system epss
scoring_elements 0.1562
published_at 2026-06-05T12:55:00Z
2
value 0.00049
scoring_system epss
scoring_elements 0.15538
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31411
1
reference_url https://github.com/vaadin/flow/pull/10640
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/10640
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31411
reference_id CVE-2021-31411
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31411
3
reference_url https://vaadin.com/security/cve-2021-31411
reference_id CVE-2021-31411
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31411
4
reference_url https://github.com/advisories/GHSA-p826-8vhq-h439
reference_id GHSA-p826-8vhq-h439
reference_type
scores
url https://github.com/advisories/GHSA-p826-8vhq-h439
5
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-p826-8vhq-h439
reference_id GHSA-p826-8vhq-h439
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-p826-8vhq-h439
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@19.0.3
purl pkg:maven/com.vaadin/vaadin-bom@19.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r96-z5zh-cubc
1
vulnerability VCID-93dy-76qc-8fb7
2
vulnerability VCID-9fku-daga-ebgv
3
vulnerability VCID-hemz-191r-fyej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@19.0.3
1
url pkg:maven/com.vaadin/vaadin-bom@19.0.5
purl pkg:maven/com.vaadin/vaadin-bom@19.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r96-z5zh-cubc
1
vulnerability VCID-9fku-daga-ebgv
2
vulnerability VCID-hemz-191r-fyej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@19.0.5
aliases CVE-2021-31411, GHSA-p826-8vhq-h439
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bud2-81n2-wyhc
3
url VCID-hemz-191r-fyej
vulnerability_id VCID-hemz-191r-fyej
summary 
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20
Improper check in `CheckboxGroup` in `com.vaadin:vaadin-checkbox-flow` versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.6.7 (Vaadin 14.5.0 through 14.6.7), and 18.0.0 through 20.0.5 (Vaadin 18.0.0 through 20.0.5) allows attackers to modify the value of a disabled `Checkbox` inside enabled `CheckboxGroup` component via unspecified vectors.

- https://vaadin.com/security/cve-2021-33605
references
0
reference_url https://github.com/advisories/GHSA-hw7r-qrhp-5pff
reference_id GHSA-hw7r-qrhp-5pff
reference_type
scores
url https://github.com/advisories/GHSA-hw7r-qrhp-5pff
1
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-hw7r-qrhp-5pff
reference_id GHSA-hw7r-qrhp-5pff
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-hw7r-qrhp-5pff
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@20.0.6
purl pkg:maven/com.vaadin/vaadin-bom@20.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@20.0.6
aliases GHSA-hw7r-qrhp-5pff, GMS-2021-68
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hemz-191r-fyej
4
url VCID-jnr3-zatb-d7bh
vulnerability_id VCID-jnr3-zatb-d7bh
summary 
Uncontrolled Resource Consumption
Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31405
reference_id
reference_type
scores
0
value 0.00468
scoring_system epss
scoring_elements 0.649
published_at 2026-06-05T12:55:00Z
1
value 0.00468
scoring_system epss
scoring_elements 0.6491
published_at 2026-06-06T12:55:00Z
2
value 0.00468
scoring_system epss
scoring_elements 0.64858
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31405
1
reference_url https://github.com/vaadin/flow-components/pull/442
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow-components/pull/442
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31405
reference_id CVE-2021-31405
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31405
3
reference_url https://vaadin.com/security/cve-2021-31405
reference_id CVE-2021-31405
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31405
4
reference_url https://github.com/advisories/GHSA-2wqp-jmcc-mc77
reference_id GHSA-2wqp-jmcc-mc77
reference_type
scores
url https://github.com/advisories/GHSA-2wqp-jmcc-mc77
5
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-2wqp-jmcc-mc77
reference_id GHSA-2wqp-jmcc-mc77
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-2wqp-jmcc-mc77
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@17.0.11
purl pkg:maven/com.vaadin/vaadin-bom@17.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r96-z5zh-cubc
1
vulnerability VCID-9fku-daga-ebgv
2
vulnerability VCID-bud2-81n2-wyhc
3
vulnerability VCID-hemz-191r-fyej
4
vulnerability VCID-kd1u-jqk2-xkgb
5
vulnerability VCID-tmht-98ed-a3fq
6
vulnerability VCID-tywj-48df-uqcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@17.0.11
aliases CVE-2021-31405, GHSA-2wqp-jmcc-mc77
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jnr3-zatb-d7bh
5
url VCID-kd1u-jqk2-xkgb
vulnerability_id VCID-kd1u-jqk2-xkgb
summary 
Directory traversal in development mode handler in Vaadin 14 and 15-17
Improper URL validation in development mode handler in `com.vaadin:flow-server` versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker to request arbitrary files stored outside of intended frontend resources folder.

- https://vaadin.com/security/cve-2020-36321
references
0
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
1
reference_url https://vaadin.com/security/cve-2020-36321
reference_id CVE-2020-36321
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2020-36321
2
reference_url https://github.com/advisories/GHSA-82mf-mmh7-hxp5
reference_id GHSA-82mf-mmh7-hxp5
reference_type
scores
url https://github.com/advisories/GHSA-82mf-mmh7-hxp5
3
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-82mf-mmh7-hxp5
reference_id GHSA-82mf-mmh7-hxp5
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-82mf-mmh7-hxp5
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@18.0.0
purl pkg:maven/com.vaadin/vaadin-bom@18.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r96-z5zh-cubc
1
vulnerability VCID-93dy-76qc-8fb7
2
vulnerability VCID-9fku-daga-ebgv
3
vulnerability VCID-bud2-81n2-wyhc
4
vulnerability VCID-hemz-191r-fyej
5
vulnerability VCID-tmht-98ed-a3fq
6
vulnerability VCID-tywj-48df-uqcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@18.0.0
aliases GHSA-82mf-mmh7-hxp5, GMS-2021-65
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kd1u-jqk2-xkgb
6
url VCID-tmht-98ed-a3fq
vulnerability_id VCID-tmht-98ed-a3fq
summary Cross-Site Request Forgery (CSRF) in com.vaadin:vaadin-bom.
references
0
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
1
reference_url https://vaadin.com/security/cve-2021-31406
reference_id CVE-2021-31406
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31406
2
reference_url https://github.com/advisories/GHSA-9h6g-6mxg-vvp4
reference_id GHSA-9h6g-6mxg-vvp4
reference_type
scores
url https://github.com/advisories/GHSA-9h6g-6mxg-vvp4
3
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-9h6g-6mxg-vvp4
reference_id GHSA-9h6g-6mxg-vvp4
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-9h6g-6mxg-vvp4
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@18.0.7
purl pkg:maven/com.vaadin/vaadin-bom@18.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r96-z5zh-cubc
1
vulnerability VCID-93dy-76qc-8fb7
2
vulnerability VCID-9fku-daga-ebgv
3
vulnerability VCID-bud2-81n2-wyhc
4
vulnerability VCID-hemz-191r-fyej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@18.0.7
1
url pkg:maven/com.vaadin/vaadin-bom@19.0.1
purl pkg:maven/com.vaadin/vaadin-bom@19.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r96-z5zh-cubc
1
vulnerability VCID-93dy-76qc-8fb7
2
vulnerability VCID-9fku-daga-ebgv
3
vulnerability VCID-bud2-81n2-wyhc
4
vulnerability VCID-hemz-191r-fyej
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@19.0.1
aliases GHSA-9h6g-6mxg-vvp4, GMS-2021-66
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tmht-98ed-a3fq
7
url VCID-tywj-48df-uqcb
vulnerability_id VCID-tywj-48df-uqcb
summary Cross-Site Request Forgery (CSRF) in com.vaadin:vaadin-bom.
references
0
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
1
reference_url https://vaadin.com/security/cve-2021-31404
reference_id CVE-2021-31404
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31404
2
reference_url https://github.com/advisories/GHSA-c6c4-7x48-4cqp
reference_id GHSA-c6c4-7x48-4cqp
reference_type
scores
url https://github.com/advisories/GHSA-c6c4-7x48-4cqp
3
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-c6c4-7x48-4cqp
reference_id GHSA-c6c4-7x48-4cqp
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-c6c4-7x48-4cqp
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@18.0.6
purl pkg:maven/com.vaadin/vaadin-bom@18.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r96-z5zh-cubc
1
vulnerability VCID-93dy-76qc-8fb7
2
vulnerability VCID-9fku-daga-ebgv
3
vulnerability VCID-bud2-81n2-wyhc
4
vulnerability VCID-hemz-191r-fyej
5
vulnerability VCID-tmht-98ed-a3fq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@18.0.6
aliases GHSA-c6c4-7x48-4cqp, GMS-2021-67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tywj-48df-uqcb
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@17.0.6