Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/54396?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54396?format=api", "vulnerability_id": "VCID-yu3h-ecpv-qyhu", "summary": "Exposure of Resource to Wrong Sphere\nA vulnerability in the OSGi integration in `com.vaadin:flow-server` allows attackers to access application classes and resources on the server via crafted HTTP request.", "aliases": [ { "alias": "CVE-2021-31407" }, { "alias": "GHSA-25xc-jwfq-39jw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80513?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.4.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/80512?format=api", "purl": "pkg:maven/com.vaadin/flow-server@6.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@6.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/80514?format=api", "purl": "pkg:maven/com.vaadin/flow-server@6.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@6.0.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80460?format=api", "purl": "pkg:maven/com.vaadin/flow-client@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-client@12.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/80435?format=api", "purl": "pkg:maven/com.vaadin/flow-client@19.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fz6-rucr-xqax" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-client@19.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/80510?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cd2n-d7w1-mfc6" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/302217?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cd2n-d7w1-mfc6" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/302218?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cd2n-d7w1-mfc6" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/302219?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cd2n-d7w1-mfc6" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/302220?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cd2n-d7w1-mfc6" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/302221?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cd2n-d7w1-mfc6" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/302222?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cd2n-d7w1-mfc6" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/302223?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cd2n-d7w1-mfc6" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/302224?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cd2n-d7w1-mfc6" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/302225?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cd2n-d7w1-mfc6" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/80356?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/303038?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/303039?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/303040?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/303041?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/303042?format=api", "purl": "pkg:maven/com.vaadin/flow-server@1.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@1.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/80492?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-rqmz-fd9j-ykea" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/302967?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/302968?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/302969?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/302970?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/302971?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/302972?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/302973?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/302974?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/80645?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-jxzf-6sus-t7et" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/302975?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/302976?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/302977?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/302978?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/302979?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/302980?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/302981?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/302982?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/302983?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/302984?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.0.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/302985?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.1.0.beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.1.0.beta2" }, { "url": "http://public2.vulnerablecode.io/api/packages/302986?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/302987?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/302988?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/302989?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/302990?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/302991?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/302992?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/302993?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/302994?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/302995?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/302996?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.2.0.alpha11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.2.0.alpha11" }, { "url": "http://public2.vulnerablecode.io/api/packages/302997?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/302998?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/302999?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/303000?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/303001?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.3.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.3.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/303002?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/303003?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/303004?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/303005?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/303006?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/303007?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/303008?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/303009?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/303010?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/80503?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5nk4-urbw-suee" }, { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/80504?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/303011?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/303012?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/303013?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/80493?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hqrf-7nbq-9bdw" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/80499?format=api", "purl": "pkg:maven/com.vaadin/flow-server@2.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@2.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/80511?format=api", "purl": "pkg:maven/com.vaadin/flow-server@6.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fz6-rucr-xqax" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@6.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/80512?format=api", "purl": "pkg:maven/com.vaadin/flow-server@6.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-server@6.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/80500?format=api", "purl": "pkg:maven/com.vaadin/vaadin-compatibility-server@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-compatibility-server@12.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/80501?format=api", "purl": "pkg:maven/com.vaadin/vaadin-compatibility-server@19.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-compatibility-server@19.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/80440?format=api", "purl": "pkg:maven/com.vaadin/vaadin-server@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-server@12.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/80441?format=api", "purl": "pkg:maven/com.vaadin/vaadin-server@19.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fz6-rucr-xqax" }, { "vulnerability": "VCID-yu3h-ecpv-qyhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-server@19.0.0" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01802", "scoring_system": "epss", "scoring_elements": "0.83139", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31407" }, { "reference_url": "https://github.com/vaadin/flow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vaadin/flow" }, { "reference_url": "https://github.com/vaadin/flow/pull/10229", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vaadin/flow/pull/10229" }, { "reference_url": "https://github.com/vaadin/flow/pull/10269", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vaadin/flow/pull/10269" }, { "reference_url": "https://github.com/vaadin/flow/security/advisories/GHSA-25xc-jwfq-39jw", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vaadin/flow/security/advisories/GHSA-25xc-jwfq-39jw" }, { "reference_url": "https://github.com/vaadin/osgi/issues/50", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vaadin/osgi/issues/50" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31407", "reference_id": "CVE-2021-31407", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31407" }, { "reference_url": "https://vaadin.com/security/cve-2021-31407", "reference_id": "CVE-2021-31407", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://vaadin.com/security/cve-2021-31407" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 668, "name": "Exposure of Resource to Wrong Sphere", "description": "The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 402, "name": "Transmission of Private Resources into a New Sphere ('Resource Leak')", "description": "The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yu3h-ecpv-qyhu" }