Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.vaadin/vaadin-server@18.0.0

Type maven

Namespace com.vaadin

Name vaadin-server

Version 18.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-93dy-76qc-8fb7

vulnerability_id VCID-93dy-76qc-8fb7

summary

Insufficient Session Expiration
Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31408

reference_id

reference_type

scores

value	0.00048
scoring_system	epss
scoring_elements	0.15139
published_at	2026-06-04T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.15215
published_at	2026-06-06T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.15225
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31408

reference_url

https://github.com/vaadin/flow/pull/10577

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vaadin/flow/pull/10577

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-31408

reference_id

CVE-2021-31408

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-31408

reference_url

https://vaadin.com/security/cve-2021-31408

reference_id

CVE-2021-31408

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://vaadin.com/security/cve-2021-31408

reference_url	https://github.com/advisories/GHSA-mr8h-j9cv-4m8h
reference_id	GHSA-mr8h-j9cv-4m8h
reference_type
scores
url	https://github.com/advisories/GHSA-mr8h-j9cv-4m8h

reference_url

https://github.com/vaadin/platform/security/advisories/GHSA-mr8h-j9cv-4m8h

reference_id

GHSA-mr8h-j9cv-4m8h

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vaadin/platform/security/advisories/GHSA-mr8h-j9cv-4m8h

fixed_packages

url	pkg:maven/com.vaadin/vaadin-server@19.0.4
purl	pkg:maven/com.vaadin/vaadin-server@19.0.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-server@19.0.4

aliases CVE-2021-31408, GHSA-mr8h-j9cv-4m8h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93dy-76qc-8fb7

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-server@18.0.0

Package Instance