Lucene search
GoogleOSV:CVE-2019-17513HistoryOct 18, 2019 - 3:15 a.m.
CVE-2019-17513
2019-10-1803:15:09
Google
osv.dev
1
An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ratpack | eq | 1.2.0-rc-2 | |
| ratpack | eq | 0.9.12 | |
| ratpack | eq | 1.6.0-rc-2 | |
| ratpack | eq | 1.4.0-rc-2 | |
| ratpack | eq | 1.7.4 | |
| ratpack | eq | 0.9.14 | |
| ratpack | eq | 1.2.0 | |
| ratpack | eq | 0.9.16 | |
| ratpack | eq | 1.6.0-rc-3 | |
| ratpack | eq | 0.9.9 |
Related
prion
prion
Design/Logic Flaw
2019-10-18 03:15:00
veracode
veracode
HTTP Response Splitting
2019-10-21 07:28:16
cve
cve
CVE-2019-17513
2019-10-18 03:15:09
nvd
nvd
CVE-2019-17513
2019-10-18 03:15:09
osv
osv
io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection')
2019-10-21 16:08:43
HTTP Response Splitting in Styx
2020-03-03 15:32:03
cvelist
cvelist
CVE-2019-17513
2019-10-18 02:36:25
github
github
io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection')
2019-10-21 16:08:43
HTTP Response Splitting in Styx
2020-03-03 15:32:03
