CVE-2021-31410

HIGH

Vaadin Designer <4.6.3 - Info Disclosure

Title source: llm
STIX 2.1

Description

Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://vaadin.com/security/cve-2021-31410

Scores

CVSS v3 8.6
EPSS 0.0169
EPSS Percentile 74.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-668 CWE-402
Status published
Products (1)
vaadin/designer 4.3.0 - 4.6.4
Published Apr 23, 2021
Tracked Since Feb 18, 2026