7 matches found
CVE-2019-17513
An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Ratpack
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Ratpack. Vulnerability Details CVEID: CVE-2019-11808 DESCRIPTION: Ratpack could allow a remote attacker to obtain sensitive information, caused by the use of a weak PRNG to generate session ID in JDK's...
GHSA-6V7P-V754-J89V HTTP Response Splitting in Styx
Vulnerability Styx is vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting'. Vulnerable Component The vulnerable component is the com.hotels.styx.api.HttpHeaders.Builder due to disabling the HTTP Header validation built into Netty in these...
HTTP Response Splitting in Styx
Vulnerability Styx is vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting'. Vulnerable Component The vulnerable component is the com.hotels.styx.api.HttpHeaders.Builder due to disabling the HTTP Header validation built into Netty in these...
com.bertramlabs.plugins:ratpack-asset-pipeline (>=2.2.7 <=4.3.0), com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5) +88 more potentially affected by CVE-2019-17513 via io.ratpack:ratpack-core (>=0.9.0 <=1.7.4)
io.ratpack:ratpack-core MAVEN version =0.9.0, =2.2.7, =0.4, =0.0.1, =0.0.1, =0.0.2, =1.0.0, =1.2, =1.2, =1.3, =1.1, =1.1, =1.5, =1.1, =1.8 and more Source cves: CVE-2019-17513 Source advisory: OSV:GHSA-MVQP-Q37C-WF9J...
CVE-2019-17513
CVE-2019-17513 affects Ratpack before 1.7.5. The root cause is misuse of Netty’s DefaultHttpHeaders with validation disabled, allowing untrusted input used in HTTP headers to cause HTTP Response Splitting (CRLF injection). Upgrading Ratpack to 1.7.5 (or later) patches the issue by restoring heade...
com.bertramlabs.plugins:ratpack-asset-pipeline (>=2.2.7 <=4.3.0), com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5) +88 more potentially affected by CVE-2019-17513 via io.ratpack:ratpack-core (>=0.9.10 <=1.7.4)
io.ratpack:ratpack-core MAVEN version =0.9.10, =2.2.7, =0.4, =0.0.1, =0.0.1, =0.0.2, =1.0.0, =1.2, =1.2, =1.3, =1.1, =1.1, =1.5, =1.1, =1.8 and more Source cves: CVE-2019-17513 Source advisory: SNYK:JAVA-IORATPACK-473841...