Vaadin Vaadin 19.0.0
Approved changes feed: RSS · Atom
cpe:2.3:a:vaadin:vaadin:19.0.0:-:*:*:*:*:*:*
part: a version: 19.0.0 update: -
| Vendor | Vaadin (34b94bf1-d464-500e-83b4-751a8d81d66e) |
|---|---|
| Product | Vaadin (d10dbc0c-1baf-5094-9d38-78f594d3105f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/vaadin/framework |
purl2cpe | 2026-06-01 10:12:05.482803 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-31407 |
vulnerable | 2026-06-03 14:44:33.092255 |
Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19
HIGH (8.6)
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.
Published: 2021-04-23T16:05:41.485Z
Updated: 2024-09-16T17:17:43.411Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31406 |
vulnerable | 2026-06-03 14:44:33.091659 |
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
MEDIUM (4)
Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security token for Fusion endpoints via timing attack.
Published: 2021-04-23T16:05:41.375Z
Updated: 2024-09-17T00:02:31.310Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.