Non-constant-time comparison of CSRF tokens in the UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 up to and including 7.7.23 (Vaadin 7.0.0 up to and including 7.7.23), and 8.0.0 up to and including 8.12.2 (Vaadin 8.0.0 up to and including 8.12.2) allows a malicious user to guess a security token via a timing attack.
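
The difference between an early-exit token check and a constant-time one, as an added Java example. This is not Vaadin's code: the class name, method names and sample token are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Hypothetical helper class, not part of vaadin-server.
public class CsrfTokenCheck {

    // Early-exit comparison: String.equals stops at the first differing
    // character, so its run time grows with the length of the matching prefix.
    static boolean isTokenValidLeaky(String expected, String supplied) {
        return expected != null && expected.equals(supplied);
    }

    // Constant-time comparison: for equal-length inputs MessageDigest.isEqual
    // inspects every byte, so run time does not depend on where the first
    // mismatch is. Token length is not secret here (tokens have a fixed length).
    static boolean isTokenValidConstantTime(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false; // missing token is always rejected
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real session.
        String sessionToken = "3f1c9a52-7b7e-4e0a-9d55-0c2e8f6a1b34";
        String[] candidates = {
            sessionToken,                            // exact match
            "Xf1c9a52-7b7e-4e0a-9d55-0c2e8f6a1b34",  // differs in first character
            "3f1c9a52-7b7e-4e0a-9d55-0c2e8f6a1b3X",  // differs in last character
            "",                                      // empty token
            null                                     // token missing from request
        };
        for (String candidate : candidates) {
            // Both checks accept and reject the same inputs; only the
            // timing behaviour on mismatches differs.
            System.out.printf("%-40s leaky=%-5b constantTime=%b%n",
                    String.valueOf(candidate),
                    isTokenValidLeaky(sessionToken, candidate),
                    isTokenValidConstantTime(sessionToken, candidate));
        }
    }
}
```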