3 matches found
CVE-2019-11808
Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start time and obtain a session ID value, they can theoretically determine the sequence of session IDs...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Ratpack
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Ratpack. Vulnerability Details CVEID: CVE-2019-11808 DESCRIPTION: Ratpack could allow a remote attacker to obtain sensitive information, caused by the use of a weak PRNG to generate session ID in JDK's...
com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5), gradle.plugin.com.bytekast:serverless-local-apigateway (>=0.4 <=0.5) +1 more potentially affected by CVE-2019-11808 via io.ratpack:ratpack-groovy (>=0.9.0 <=1.6.0)
io.ratpack:ratpack-groovy MAVEN version =0.9.0, =0.4, =0.4, =0.9.0, =1.10.0-milestone-39 Source cves: CVE-2019-11808 Source advisory: OSV:GHSA-54MG-VGRP-MWX9...