Search for packages
| purl | pkg:maven/com.vaadin/flow@5.0.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-93dy-76qc-8fb7
Aliases: CVE-2021-31408 GHSA-mr8h-j9cv-4m8h |
Insufficient Session Expiration Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out. |
Affected by 2 other vulnerabilities. |
|
VCID-bud2-81n2-wyhc
Aliases: CVE-2021-31411 GHSA-p826-8vhq-h439 |
Insecure Temporary File Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server allows local users to inject malicious code into frontend resources during application rebuilds. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2fz6-rucr-xqax | Information Exposure Through Discrepancy Non-constant-time comparison of CSRF tokens in endpoint request handler allows attacker to guess a security token for Fusion endpoints via timing attack. |
CVE-2021-31406
GHSA-p7jq-v8jp-j424 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:50:27.646811+00:00 | GitLab Importer | Affected by | VCID-bud2-81n2-wyhc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.vaadin/flow/CVE-2021-31411.yml | 38.6.0 |
| 2026-06-04T20:50:05.119040+00:00 | GitLab Importer | Affected by | VCID-93dy-76qc-8fb7 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.vaadin/flow/CVE-2021-31408.yml | 38.6.0 |
| 2026-06-04T16:21:05.269707+00:00 | GitLab Importer | Fixing | VCID-2fz6-rucr-xqax | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.vaadin/flow/CVE-2021-31406.yml | 38.6.0 |