GCVE - cpe:2.3:a:vaadin:flow:6.0.0:-:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:vaadin:flow:6.0.0:-:*:*:*:*:*:*

part: a version: 6.0.0 update: -

Vendor	Vaadin (`34b94bf1-d464-500e-83b4-751a8d81d66e`)
Product	Flow (`cb601a41-51d5-5bb3-9e98-26db4e7a9a3f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/vaadin/flow`	purl2cpe	2026-06-01 10:12:05.658089

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-31406`	vulnerable	2026-06-03 14:44:33.091095	Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 MEDIUM (4) Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security token for Fusion endpoints via timing attack. Published: 2021-04-23T16:05:41.375Z Updated: 2024-09-17T00:02:31.310Z Open on db.gcve.eu Reference links https://vaadin.com/security/cve-2021-31406 https://github.com/vaadin/flow/pull/10157	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.