Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
•added 2025/05/22 7:36 p.m.•9 views

CVE-2021-29479

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied X-Forwarded-Host header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the X-Forwarded-Host header as a cache key. Users are only vulnerab...

7CVSS6.5AI score0.00857EPSS
Exploits1References1
vulnersOsv
vulnersOsv
•added 2021/07/01 5:2 p.m.•5 views

com.bertramlabs.plugins:ratpack-asset-pipeline (>=2.2.7 <=4.3.0), com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5) +90 more potentially affected by CVE-2021-29479 via io.ratpack:ratpack-core (>=0.9.0 <=1.9.0-rc-2)

io.ratpack:ratpack-core MAVEN version =0.9.0, =2.2.7, =0.4, =0.0.1, =0.0.1, =0.0.2, =1.0.0, =1.2, =1.2, =1.3, =1.1, =1.1, =1.5, =1.1, =1.8 and more Source cves: CVE-2021-29479 Source advisory: OSV:GHSA-W6RQ-6H34-VH7Q...

7CVSS6.3AI score0.00857EPSS
Exploits1
Cvelist
Cvelist
•added 2021/06/29 2:35 p.m.•32 views

CVE-2021-29479 Cached redirect poisoning via X-Forwarded-Host header

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied X-Forwarded-Host header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the X-Forwarded-Host header as a cache key. Users are only vulnerab...

7CVSS6.9AI score0.00857EPSS
Exploits1References2
CVE
CVE
•added 2021/06/29 2:35 p.m.•79 views

CVE-2021-29479

Summary: Ratpack before 1.9.0 is vulnerable to cache poisoning via the X-Forwarded-Host header. If the cache key does not include X-Forwarded-Host and a custom PublicAddress is not configured, Ratpack’s default inferring PublicAddress can be exploited to redirect cached responses to an attacker s...

7CVSS6.4AI score0.00857EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder