CVE-2021-31411

Published
View on NVD ↗
CVSS v3
6.3
MEDIUM
CVSS v2
4.6
MEDIUM
Affected
1
PROJECT

Description

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.

vaadin/flow
vaadin/flow
Vaadin Flow is a Java framework binding Vaadin web components to Java. This is part of Vaadin 10+.
GitHubGitHub
741