0.001 Low
EPSS
Percentile
27.9%
flow-server uses an insecure session management. The server session is not invalidated when the logout() helper method of Authentication module is used via a HTTP GET request.
logout()
github.com/advisories/GHSA-6hgr-2g6q-3rmc
github.com/advisories/GHSA-mr8h-j9cv-4m8h
github.com/vaadin/flow/pull/10577
vaadin.com/security/cve-2021-31408