CVE-2021-31410

Summary

Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.

Affected Software

VendorProductVersion RangeStatus
VaadinDesigner4.3.0 < *affected

Weaknesses

  • CWE-402: CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak')

ADP Enrichment

CVE Program Container

Additional References

References