Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4MjYtOHZocS1oNDM5

Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.

https://vaadin.com/security/cve-2021-31411

Permalink: https://github.com/advisories/GHSA-p826-8vhq-h439
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4MjYtOHZocS1oNDM5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 3 years ago
Updated: about 1 year ago

CVSS Score: 6.3
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Identifiers: GHSA-p826-8vhq-h439, CVE-2021-31411
References:

Repository: https://github.com/vaadin/platform
Blast Radius: 22.9

Affected Packages

maven:com.vaadin:vaadin-bom

Dependent packages: 166
Dependent repositories: 4,379
Downloads:
Affected Version Ranges: >= 15.0.0, <= 19.0.2, >= 14.0.3, <= 14.5.2
Fixed in: 19.0.5, 14.5.3
All affected versions: 14.0.3, 14.0.4, 14.0.5, 14.0.6, 14.0.7, 14.0.8, 14.0.9, 14.0.10, 14.0.11, 14.0.12, 14.0.13, 14.0.14, 14.0.15, 14.1.0, 14.1.1, 14.1.2, 14.1.3, 14.1.4, 14.1.5, 14.1.16, 14.1.17, 14.1.18, 14.1.19, 14.1.20, 14.1.21, 14.1.22, 14.1.23, 14.1.24, 14.1.25, 14.1.26, 14.1.27, 14.1.28, 14.2.0, 14.2.1, 14.2.2, 14.2.3, 14.3.0, 14.3.1, 14.3.2, 14.3.3, 14.3.4, 14.3.5, 14.3.6, 14.3.7, 14.3.8, 14.3.9, 14.4.0, 14.4.1, 14.4.2, 14.4.3, 14.4.4, 14.4.5, 14.4.6, 14.4.7, 14.4.8, 14.4.9, 14.4.10, 14.5.0, 14.5.1, 14.5.2, 15.0.0, 15.0.1, 15.0.2, 15.0.3, 15.0.4, 15.0.5, 15.0.6, 16.0.0, 16.0.1, 16.0.2, 16.0.3, 16.0.4, 16.0.5, 17.0.0, 17.0.1, 17.0.2, 17.0.3, 17.0.4, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 18.0.0, 18.0.1, 18.0.2, 18.0.3, 18.0.4, 18.0.5, 18.0.6, 18.0.7, 19.0.0, 19.0.1, 19.0.2
All unaffected versions: 7.4.0, 7.4.1, 7.4.2, 7.4.3, 7.4.4, 7.4.5, 7.4.6, 7.4.7, 7.4.8, 7.5.0, 7.5.1, 7.5.2, 7.5.3, 7.5.4, 7.5.5, 7.5.6, 7.5.7, 7.5.8, 7.5.9, 7.5.10, 7.6.0, 7.6.1, 7.6.2, 7.6.3, 7.6.4, 7.6.5, 7.6.6, 7.6.7, 7.6.8, 7.7.0, 7.7.1, 7.7.2, 7.7.3, 7.7.4, 7.7.5, 7.7.6, 7.7.7, 7.7.8, 7.7.9, 7.7.10, 7.7.11, 7.7.12, 7.7.13, 7.7.14, 7.7.15, 7.7.16, 7.7.17, 7.7.23, 7.7.24, 7.7.25, 7.7.26, 7.7.27, 7.7.28, 7.7.29, 7.7.30, 7.7.31, 7.7.32, 7.7.33, 7.7.34, 7.7.35, 7.7.36, 7.7.37, 7.7.38, 7.7.39, 7.7.40, 7.7.41, 7.7.42, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.2.0, 8.2.1, 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.4.5, 8.5.0, 8.5.1, 8.5.2, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.7.0, 8.7.1, 8.7.2, 8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.8.5, 8.8.6, 8.9.0, 8.9.1, 8.9.2, 8.9.3, 8.9.4, 8.10.0, 8.10.1, 8.10.2, 8.10.3, 8.10.4, 8.10.5, 8.11.0, 8.11.1, 8.11.2, 8.11.3, 8.12.0, 8.12.1, 8.12.2, 8.12.3, 8.12.4, 8.13.0, 8.13.1, 8.13.2, 8.13.3, 8.14.0, 8.14.1, 8.14.2, 8.14.3, 8.15.0, 8.15.1, 8.15.2, 8.16.0, 8.16.1, 8.17.0, 8.18.0, 8.19.0, 8.20.0, 8.20.1, 8.20.2, 8.20.3, 8.21.0, 8.22.0, 8.23.0, 8.24.0, 8.25.0, 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 10.0.13, 10.0.14, 10.0.15, 10.0.16, 10.0.17, 10.0.18, 10.0.19, 10.0.20, 10.0.21, 10.0.22, 10.0.23, 10.0.24, 10.0.25, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 12.0.6, 12.0.7, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.0.6, 13.0.7, 13.0.8, 13.0.9, 13.0.10, 13.0.11, 13.0.12, 13.0.13, 14.0.0, 14.0.1, 14.0.2, 14.5.3, 14.5.4, 14.5.5, 14.6.0, 14.6.1, 14.6.2, 14.6.3, 14.6.4, 14.6.5, 14.6.6, 14.6.7, 14.6.8, 14.6.9, 14.7.0, 14.7.1, 14.7.2, 14.7.3, 14.7.4, 14.7.5, 14.7.6, 14.7.7, 14.7.8, 14.8.0, 14.8.1, 14.8.2, 14.8.3, 14.8.4, 14.8.5, 14.8.6, 14.8.7, 14.8.8, 14.8.9, 14.8.10, 14.8.11, 14.8.12, 14.8.13, 14.8.14, 14.8.15, 14.8.16, 14.8.17, 14.8.18, 14.8.19, 14.8.20, 14.9.0, 14.9.1, 14.9.2, 14.9.3, 14.9.4, 14.9.5, 14.9.6, 14.9.7, 14.9.8, 14.10.0, 14.10.1, 14.10.2, 14.10.3, 14.10.4, 14.10.5, 14.10.6, 14.10.7, 14.10.8, 14.10.9, 14.10.10, 14.10.11, 14.10.12, 14.11.0, 14.11.1, 14.11.2, 14.11.3, 14.11.4, 14.11.5, 14.11.6, 14.11.7, 14.11.8, 19.0.3, 19.0.4, 19.0.5, 19.0.6, 19.0.7, 19.0.8, 19.0.9, 20.0.0, 20.0.1, 20.0.2, 20.0.3, 20.0.4, 20.0.5, 20.0.6, 20.0.7, 20.0.8, 21.0.0, 21.0.1, 21.0.2, 21.0.3, 21.0.4, 21.0.5, 21.0.6, 21.0.7, 21.0.8, 21.0.9, 22.0.0, 22.0.1, 22.0.2, 22.0.3, 22.0.4, 22.0.5, 22.0.6, 22.0.7, 22.0.8, 22.0.9, 22.0.10, 22.0.11, 22.0.12, 22.0.13, 22.0.14, 22.0.15, 22.0.16, 22.0.17, 22.0.18, 22.0.20, 22.0.21, 22.0.22, 22.0.23, 22.0.24, 22.0.25, 22.0.26, 22.0.27, 22.0.28, 22.1.0, 22.1.1, 22.1.2, 22.1.3, 22.1.4, 22.1.5, 22.1.6, 22.2.0, 22.2.1, 22.2.2, 23.0.0, 23.0.1, 23.0.2, 23.0.3, 23.0.4, 23.0.5, 23.0.6, 23.0.7, 23.0.8, 23.0.9, 23.0.10, 23.0.11, 23.0.12, 23.0.13, 23.0.14, 23.0.15, 23.0.16, 23.1.0, 23.1.1, 23.1.2, 23.1.3, 23.1.4, 23.1.6, 23.1.7, 23.1.8, 23.1.9, 23.1.10, 23.1.11, 23.1.12, 23.1.13, 23.1.14, 23.1.15, 23.1.16, 23.1.17, 23.2.0, 23.2.1, 23.2.2, 23.2.3, 23.2.4, 23.2.5, 23.2.6, 23.2.7, 23.2.8, 23.2.9, 23.2.10, 23.2.11, 23.2.12, 23.2.13, 23.2.14, 23.2.15, 23.2.16, 23.2.17, 23.3.0, 23.3.1, 23.3.2, 23.3.3, 23.3.4, 23.3.5, 23.3.6, 23.3.7, 23.3.8, 23.3.9, 23.3.10, 23.3.11, 23.3.12, 23.3.13, 23.3.14, 23.3.15, 23.3.16, 23.3.17, 23.3.18, 23.3.19, 23.3.20, 23.3.21, 23.3.22, 23.3.23, 23.3.24, 23.3.25, 23.3.26, 23.3.27, 23.3.28, 23.3.29, 23.3.30, 23.3.31, 23.3.32, 23.3.33, 23.4.0, 23.5.0, 24.0.0, 24.0.1, 24.0.2, 24.0.3, 24.0.4, 24.0.5, 24.0.6, 24.0.7, 24.0.8, 24.0.9, 24.0.10, 24.0.11, 24.0.12, 24.0.13, 24.0.14, 24.1.0, 24.1.1, 24.1.2, 24.1.3, 24.1.4, 24.1.5, 24.1.6, 24.1.7, 24.1.8, 24.1.9, 24.1.10, 24.1.11, 24.1.12, 24.1.13, 24.1.14, 24.1.15, 24.1.16, 24.2.0, 24.2.1, 24.2.2, 24.2.3, 24.2.4, 24.2.5, 24.2.6, 24.2.7, 24.2.8, 24.2.9, 24.2.10, 24.2.11, 24.2.12, 24.3.0, 24.3.1, 24.3.2, 24.3.3, 24.3.4, 24.3.5, 24.3.6, 24.3.7, 24.3.8, 24.3.9