CVE-2021-31412: Exposure of Resource to Wrong Sphere

June 24, 2021 (updated October 25, 2022)

Improper sanitization of path in default RouteNotFoundError view allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for NotFoundException is provided.

References

nvd.nist.gov/vuln/detail/CVE-2021-31412
vaadin.com/security/cve-2021-31412

Code Behaviors & Features

Detect and mitigate CVE-2021-31412 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →