Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.vaadin/flow-client@5.0.0
Type maven
Namespace com.vaadin
Name flow-client
Version 5.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.0.5
Latest_non_vulnerable_version 23.0.9
Affected_by_vulnerabilities
0
url VCID-93dy-76qc-8fb7
vulnerability_id VCID-93dy-76qc-8fb7
summary
Insufficient Session Expiration
Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31408
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.15139
published_at 2026-06-04T12:55:00Z
1
value 0.00048
scoring_system epss
scoring_elements 0.15172
published_at 2026-06-07T12:55:00Z
2
value 0.00048
scoring_system epss
scoring_elements 0.15215
published_at 2026-06-06T12:55:00Z
3
value 0.00048
scoring_system epss
scoring_elements 0.15225
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31408
1
reference_url https://github.com/vaadin/flow/pull/10577
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/10577
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31408
reference_id CVE-2021-31408
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31408
3
reference_url https://vaadin.com/security/cve-2021-31408
reference_id CVE-2021-31408
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31408
4
reference_url https://github.com/advisories/GHSA-mr8h-j9cv-4m8h
reference_id GHSA-mr8h-j9cv-4m8h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mr8h-j9cv-4m8h
5
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-mr8h-j9cv-4m8h
reference_id GHSA-mr8h-j9cv-4m8h
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-mr8h-j9cv-4m8h
fixed_packages
0
url pkg:maven/com.vaadin/flow-client@6.0.5
purl pkg:maven/com.vaadin/flow-client@6.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-client@6.0.5
aliases CVE-2021-31408, GHSA-mr8h-j9cv-4m8h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93dy-76qc-8fb7
1
url VCID-rz3g-vj4c-yyex
vulnerability_id VCID-rz3g-vj4c-yyex
summary Cross-Site Request Forgery (CSRF) in com.vaadin:flow-client.
references
0
reference_url https://github.com/vaadin/flow
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow
1
reference_url https://github.com/vaadin/flow/commit/815b967fc84fefa8d3a4d72b9a036f48b0d96326
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/commit/815b967fc84fefa8d3a4d72b9a036f48b0d96326
2
reference_url https://github.com/vaadin/flow/pull/10577
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/10577
3
reference_url https://vaadin.com/security/cve-2021-31408
reference_id CVE-2021-31408
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31408
4
reference_url https://github.com/advisories/GHSA-6hgr-2g6q-3rmc
reference_id GHSA-6hgr-2g6q-3rmc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6hgr-2g6q-3rmc
5
reference_url https://github.com/vaadin/flow/security/advisories/GHSA-6hgr-2g6q-3rmc
reference_id GHSA-6hgr-2g6q-3rmc
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/security/advisories/GHSA-6hgr-2g6q-3rmc
fixed_packages
0
url pkg:maven/com.vaadin/flow-client@6.0.5
purl pkg:maven/com.vaadin/flow-client@6.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-client@6.0.5
aliases GHSA-6hgr-2g6q-3rmc, GMS-2021-139
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rz3g-vj4c-yyex
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow-client@5.0.0