CVE-2021-31410 – Project sources exposure in Vaadin Designer

https://notcve.org/view.php?id=CVE-2021-31410

Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request. Una configuración demasiado relajada del servidor de recursos frontend en Vaadin Designer versiones 4.3.0 hasta 4.6.3, permite a atacantes remotos acceder a fuentes del proyecto por medio de una petición HTTP diseñada • https://vaadin.com/security/cve-2021-31410 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') CWE-668: Exposure of Resource to Wrong Sphere •