Timing Attack Affecting com.vaadin:vaadin-server package, versions [0,8.12.3)
Attack Complexity: High
User Interaction: Required
snyk-id: SNYK-JAVA-COMVAADIN-1069817
published: 17 Feb 2021
disclosed: 28 Jan 2021
credit: TatuLund
Introduced: 28 Jan 2021
CWE-208
How to fix?
Upgrade com.vaadin:vaadin-server to version 8.12.3 or higher.
Overview
com.vaadin:vaadin-server is a Java framework for modern Java web applications.
Affected versions of this package are vulnerable to Timing Attack by using CSRF.