admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-314xx/CVE-2021-31412.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

207 lines
7.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-31412",
"sourceIdentifier": "security@vaadin.com",
"published": "2021-06-24T12:15:08.090",
"lastModified": "2022-10-25T19:33:07.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for NotFoundException is provided."
},
{
"lang": "es",
"value": "Un saneamiento inapropiado de la ruta en la vista RouteNotFoundError predeterminada en com.vaadin:flow-server versiones 1.0.0 hasta 1.0.14 (Vaadin versiones 10.0.0 hasta 10.0.18), versiones 1.1.0 anteriores a 2.0.0 (Vaadin versiones 11 anterior a 14), versiones 2.0.0 hasta 2.6.1 (Vaadin versiones 14.0.0 hasta 14. 6.1), y versiones 3.0.0 hasta 6.0.9 (Vaadin versiones 15.0.0 hasta 19.0.8) permite a un atacante de red enumerar todas las rutas disponibles por medio de una petici\u00f3n HTTP dise\u00f1ada cuando la aplicaci\u00f3n se ejecuta en modo de producci\u00f3n y un controlador personalizado para o NotFoundException es proporcionado"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@vaadin.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "security@vaadin.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndIncluding": "1.0.14",
"matchCriteriaId": "08B5A131-071A-4AEC-9F0B-8BF6D38DC85C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndIncluding": "1.4.0",
"matchCriteriaId": "4F232EDE-AF65-4AA2-846E-3C7A34DA8928"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndIncluding": "2.6.1",
"matchCriteriaId": "DAF9CA63-A40E-474E-9BE9-8A86A1C2B129"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndIncluding": "5.0.0",
"matchCriteriaId": "2CA90E82-620F-46C0-AB1F-05804328BB54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.9",
"matchCriteriaId": "1551D996-DB49-4E39-9423-BD3CBA2029FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndIncluding": "10.0.18",
"matchCriteriaId": "6AAF5648-26F2-4D08-838B-3B3C2E0954D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndIncluding": "13.0.0",
"matchCriteriaId": "85960C27-DA5B-4215-9C34-4789F32EF260"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.0",
"versionEndIncluding": "14.6.1",
"matchCriteriaId": "4367271F-BC87-4C32-BBFC-F9F97ACD2D33"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0.0",
"versionEndIncluding": "18.0.0",
"matchCriteriaId": "DC99FEC9-DABA-4E7E-AA04-67146840B360"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.0.0",
"versionEndIncluding": "19.0.8",
"matchCriteriaId": "64FCA0F3-0104-490C-B8CA-860B52BCAC29"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vaadin/flow/pull/11107",
"source": "security@vaadin.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://vaadin.com/security/cve-2021-31412",
"source": "security@vaadin.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink