CVE-2021-31410
HIGH
Vaadin Designer <4.6.3 - Info Disclosure
Title source: llm
Description
Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.
References (1)
Scores
CVSS v3: 8.6
EPSS: 0.0028
EPSS Percentile: 51.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Classification
CWE: CWE-668, CWE-402
Status: published
Affected Products (1)
vaadin/designer < 4.6.4
Timeline
Published: Apr 23, 2021
Tracked Since: Feb 18, 2026