5 matches found
CVE-2021-29485
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution RCE via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use Ratpack's session...
com.bertramlabs.plugins:ratpack-asset-pipeline (>=2.2.7 <=4.3.0), com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5) +90 more potentially affected by CVE-2021-29485 via io.ratpack:ratpack-core (>=0.9.0 <=1.9.0-rc-2)
io.ratpack:ratpack-core MAVEN version =0.9.0, =2.2.7, =0.4, =0.0.1, =0.0.1, =0.0.2, =1.0.0, =1.2, =1.2, =1.3, =1.1, =1.1, =1.5, =1.1, =1.8 and more Source cves: CVE-2021-29485 Source advisory: OSV:GHSA-HC33-32VW-RPP9...
CVE-2021-29485
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution RCE via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use Ratpack's session...
CVE-2021-29485
Ratpack vulnerability CVE-2021-29485 affects versions before 1.9.0 when using Ratpack's session storage. An attacker can achieve remote code execution by crafting a Java deserialization gadget chain in the session data, provided the application writes to the session store. If an application does ...
CVE-2021-29485 Remote Code Execution Vulnerability in Session Storage
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution RCE via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use Ratpack's session...