{"id":"CVE-2021-31410","details":"Overly relaxed configuration of the frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via a crafted HTTP request.","modified":"2026-03-14T10:55:47.758832Z","published":"2021-04-23T17:15:08.297Z","references":[{"type":"ADVISORY","url":"https://vaadin.com/security/cve-2021-31410"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vaadin/designer","events":[{"introduced":"1268971d1fa02290ae1d4ffc5988f3624f3e3311"},{"fixed":"ee55ff2aea1020e57382cf1adca4a13fface72ff"}],"database_specific":{"versions":[{"introduced":"4.3.0"},{"fixed":"4.6.4"}]}}],"versions":["4.3.0.final","4.3.1","4.3.10","4.3.11","4.3.12","4.3.2","4.3.3","4.3.4","4.3.5","4.3.6","4.3.7","4.3.8","4.3.9","4.4.0","4.4.1","4.4.2","4.5.0","4.5.1","4.5.10","4.5.11","4.5.12","4.5.13","4.5.2","4.5.3","4.5.4","4.5.5","4.5.6","4.5.7","4.5.8","4.5.9","4.6.1","4.6.2","4.6.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31410.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}