85 matches found
CVE-2019-11808
Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start time and obtain a session ID value, they can theoretically determine the sequence of session IDs...
EUVD-2021-1431
Malware in sbrugna...
EUVD-2021-1496
Malware in sbrugna...
EUVD-2021-1475
Malware in sbrugna...
EUVD-2020-0274
Malware in sbrugna...
EUVD-2021-1484
Malware in sbrugna...
EUVD-2019-0451
Malware in sbrugna...
EUVD-2019-0708
Malware in sbrugna...
CVE-2021-29485
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use Ratpack's session...
CVE-2021-29481
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...
CVE-2021-29480
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is n...
CVE-2021-29479
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied X-Forwarded-Host header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the X-Forwarded-Host header as a cache key. Users are only vulnerab...
CVE-2019-10770
All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to b...
CVE-2019-17513
An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Ratpack
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Ratpack, an open source software. These vulnerabilities are difficult to exploit since it is an internal component protected from direct access. Vulnerability Details: CVEID: CVE-2021-29479 DESCRIPTION: Ratpac...
GHSA-W6RQ-6H34-VH7Q Cached redirect poisoning via X-Forwarded-Host header
A user supplied X-Forwarded-Host header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the X-Forwarded-Host header as a cache key. Users are only vulnerable if they do not configure a custom PublicAddress instance. A custom...
com.bertramlabs.plugins:ratpack-asset-pipeline (>=2.2.7 <=4.3.0), com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5) +90 more potentially affected by CVE-2021-29479 via io.ratpack:ratpack-core (>=0.9.0 <=1.9.0-rc-2)
io.ratpack:ratpack-core MAVEN version =0.9.0, =2.2.7, =0.4, =0.0.1, =0.0.1, =0.0.2, =1.0.0, =1.2, =1.2, =1.3, =1.1, =1.1, =1.5, =1.1, =1.8 and more Source cves: CVE-2021-29479 Source advisory: OSV:GHSA-W6RQ-6H34-VH7Q...
Cached redirect poisoning via X-Forwarded-Host header
A user supplied X-Forwarded-Host header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the X-Forwarded-Host header as a cache key. Users are only vulnerable if they do not configure a custom PublicAddress instance. A custom...
Ratpack's default client side session signing key is highly predictable
Impact: The client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is not on by default), the session data could be tampered with by someone with...
com.github.grooviter:gql-ratpack (=0.5.0), io.ratpack:ratpack-pac4j (>=0.9.3 <=1.10.0-milestone-39) +3 more potentially affected by CVE-2021-29480 via io.ratpack:ratpack-session (>=0.9.10 <=1.9.0-rc-2)
io.ratpack:ratpack-session MAVEN version =0.9.10, =0.9.3, =1.0.0, =1.9.0-rc-1, =1.4.6, =3.0.0 Source cves: CVE-2021-29480 Source advisory: OSV:GHSA-2CC5-23R7-VC4V...