2 matches found
Cross site scripting
All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting XSS. This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to b...
CVE-2019-10770
The CVE-2019-10770 entry affects io.ratpack:ratpack-core. The vulnerability is an XSS in the development mode error handler when an exception message contains untrusted data; the production-mode error handler is not vulnerable. Affected versions are Ratpack-core 0.9.10 up to, but not including, 1...