How severe is CVE-2021-31404?

This vulnerability has a severity rating of LOW with a CVSS score of 2.5 out of 10.

What type of vulnerability is CVE-2021-31404?

This is classified as CWE-208, which is a common weakness in software security.

CVE-2021-31404

LOW Year: 2021

CVSS v3 Score

2.5

Low

CVSS v2 Score

1.9

Low

Weakness Type

CWE-208

View all →

Vulnerability Description

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18), and 5.0.0 through 5.0.2 (Vaadin 18.0.0 through 18.0.5) allows attacker to guess a security token via timing attack.

CVE-2021-31403

LOW

CVSS:2.5(Low)

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 thro...

CWE-2082021

CVE-2021-31406

LOW

CVSS:2.5(Low)

Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6....

CWE-2082021

CVE-2020-4071

LOW

CVSS:2.4(Low)

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD is set....

CWE-2082020

CVE-2025-46570

LOW

CVSS:2.6(Low)

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the pref...

CWE-2082025

CVE-2024-40640

LOW

CVSS:2.9(Low)

vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group ...

CWE-2082024

CVE-2024-21671

LOW

CVSS:3.7(Low)

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the respon...