Lucene search
GoogleOSV:CVE-2019-11808HistoryMay 07, 2019 - 7:29 a.m.
CVE-2019-11808
2019-05-0707:29:05
Google
osv.dev
3
Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK’s ThreadLocalRandom. This means that if an attacker can determine a small window for the server start time and obtain a session ID value, they can theoretically determine the sequence of session IDs.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ratpack | eq | 1.2.0-rc-2 | |
| ratpack | eq | 0.9.12 | |
| ratpack | eq | 1.6.0-rc-2 | |
| ratpack | eq | 1.4.0-rc-2 | |
| ratpack | eq | 0.9.14 | |
| ratpack | eq | 1.2.0 | |
| ratpack | eq | 0.9.16 | |
| ratpack | eq | 1.6.0-rc-3 | |
| ratpack | eq | 0.9.9 | |
| ratpack | eq | 0.9.1 |
Related
prion
prion
Design/Logic Flaw
2019-05-07 07:29:00
nvd
nvd
CVE-2019-11808
2019-05-07 07:29:05
veracode
veracode
Insecure Random Number Generator
2019-05-08 02:23:53
cvelist
cvelist
CVE-2019-11808
2019-05-07 06:53:16
github
github
cve
cve
CVE-2019-11808
2019-05-07 07:29:05
osv
osv
