CVE-2021-31410
23.04.2021, 17:15
Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.
| Vendor | Product | Version |
|---|---|---|
| vaadin | designer | 4.3.0 ≤ 𝑥 < 4.6.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software.
- CWE-668 - Exposure of Resource to Wrong SphereThe product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.