What is CVE-2021-31411?

CVE-2021-31411 is a medium-severity vulnerability in Vaadin Flow-server, classified under Creation of Temporary File in Directory with Insecure Permissions. CVSS score: 6.3/10. Published 2021-05-05.

How severe is CVE-2021-31411?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Vaadin Flow-server

CVE-2021-31411

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0…

EPSS: 0.000 (15.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Vaadin Flow-server — versions 2.0.9
Vaadin — versions 14.0.3

Weakness classification (CWE)

CWE-379 — Creation of Temporary File in Directory with Insecure Permissions

References

vaadin.com/security/cve-2021-31411 (x_refsource_CONFIRM)
github.com/vaadin/flow/pull/10640 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-31411?: CVE-2021-31411 is a medium-severity vulnerability in Vaadin Flow-server, classified under Creation of Temporary File in Directory with Insecure Permissions. CVSS score: 6.3/10. Published 2021-05-05.
How severe is CVE-2021-31411?: Medium severity. CVSS v3 base score is 6.3 out of 10.