Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistSnykCVELIST:CVE-2019-10770
HistoryJan 28, 2020 - 12:21 a.m.

CVE-2019-10770

2020-01-2800:21:46
snyk
www.cve.org

0.001 Low

EPSS

Percentile

37.5%

JSON

All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to be utilized in production it would require users to not disable development mode.

CNA Affected

[
  {
    "product": "io.ratpack:ratpack-core",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "all versions from 0.9.10 inclusive and before 1.7.6"
      }
    ]
  }
]

Related

veracode 1
prion 1
github 1
osv 1
cve 1
nvd 1
veracode
veracode
Cross-site Scripting (XSS)
2020-01-28 13:39:43
prion
prion
Cross site scripting
2020-01-28 01:15:00
github
github
Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)
2020-01-27 19:28:20
osv
osv
Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)
2020-01-27 19:28:20
cve
cve
CVE-2019-10770
2020-01-28 01:15:10
nvd
nvd
CVE-2019-10770
2020-01-28 01:15:10

0.001 Low

EPSS

Percentile

37.5%

JSON
Related for CVELIST:CVE-2019-10770
veracode1prion1github1osv1cve1nvd1