CVE-2021-31404 – Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
https://notcve.org/view.php?id=CVE-2021-31404
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18), and 5.0.0 through 5.0.2 (Vaadin 18.0.0 through 18.0.5) allows attacker to guess a security token via timing attack. La comparación non-constant-time de tokens CSRF en el manejador de peticiones UIDL en com.vaadin:flow-server versiones 1.0.0 hasta 1.0.13 (Vaadin versiones 10.0.0 hasta 10.0.16), versiones 1.1.0 anteriores a 2.0.0 (Vaadin versiones 11 anteriores a 14), versiones 2.0.0 hasta 2.4.6 (Vaadin versiones 14.0.0 hasta 14.4.6), versiones 3.0.0 anteriores a 5.0.0 (Vaadin versiones 15 anteriores a 18) y versiones 5.0.0 hasta 5.0.2 (Vaadin versiones 18.0.0 hasta 18.0.5), permite al atacante adivinar un token de seguridad por medio de un ataque de sincronización • https://github.com/vaadin/flow/pull/9875 https://vaadin.com/security/cve-2021-31404 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVE-2020-36321 – Directory traversal in development mode handler in Vaadin 14 and 15-17
https://notcve.org/view.php?id=CVE-2020-36321
Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker to request arbitrary files stored outside of intended frontend resources folder. Una comprobación incorrecta de URL en el controlador del modo de desarrollo en com.vaadin:flow-server versiones 2.0.0 hasta 2.4.1 (Vaadin versiones 14.0.0 hasta 14.4.2) y versiones 3.0 anteriores a 5.0 (Vaadin versiones 15 anteriores a 18), permiten al atacante pedir archivos arbitrarios almacenados fuera de la carpeta de recursos de la interfaz prevista • https://github.com/vaadin/flow/pull/9392 https://vaadin.com/security/cve-2020-36321 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-7082
https://notcve.org/view.php?id=CVE-2013-7082
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. Vulnerabilidad de tipo cross-site scripting (XSS) en el método errorAction en la clase base ActionController en TYPO3 Flow (anteriormente FLOW3) versiones 1.1.x anteriores a 1.1.1 y versiones 2.0.x anteriores a 2.0.1, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de una entrada no especificada, que es devuelta en un mensaje de error. • http://osvdb.org/100825 http://secunia.com/advisories/55996 http://typo3.org/teams/security/security-bulletins/typo3-flow/typo3-flow-sa-2013-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/89614 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •