CVE-2021-31407

high

Description

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.

References

Advisories
More

https://github.com/vaadin/osgi/issues/50

https://github.com/vaadin/flow/pull/10269

https://github.com/vaadin/flow/pull/10229

https://vaadin.com/security/cve-2021-31407

Details

Source: Mitre, NVD

Published: 2021-04-23

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.01802