3 matches found
CVE-2021-29481
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...
CVE-2021-29481
CVE-2021-29481 affects Ratpack versions before 1.9.0, where the default client-side session configuration stores data in cookies in an unencrypted but signed form. This can allow an attacker with cookie access to read sensitive information if such data is stored in the session and the cookie is l...
CVE-2021-29481 Client side sessions should not allow unencrypted storage
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...