
9 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-1496

Malware in sbrugna...

CVSS 7 | AI score 6.3 | EPSS 0.00225
Exploits 1 | References 5

RedhatCVE
added 2025/05/22 9:24 p.m. | 10 views

CVE-2021-29485

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use Ratpack's session...

CVSS 9.9 | AI score 7.4 | EPSS 0.02483
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 7:36 p.m. | 10 views

CVE-2021-29481

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...

CVSS 7.5 | AI score 5.6 | EPSS 0.00072
Exploits 0 | References 1

CNVD
added 2021/07/01 12:0 a.m. | 7 views

Ratpack has an unspecified vulnerability

Ratpack is a Java library for building scalable HTTP applications. A security vulnerability exists in versions of Ratpack prior to 1.9.0, which can be exploited by attackers to force a cache redirection to their site...

CVSS 7 | AI score 6.7 | EPSS 0.00225
Exploits 1 | References 1

CNVD
added 2021/07/01 12:0 a.m. | 8 views

Unspecified vulnerability in Ratpack (CNVD-2021-52413)

Ratpack is a Java library for building scalable HTTP applications. A security vulnerability exists in Ratpack versions prior to 1.9.0, which stems from the client-side session module defaulting to using the application startup time as the signing key, and can be exploited by an attacker to tamper...

CVSS 4.4 | AI score 6.7 | EPSS 0.00089
Exploits 0 | References 1

CNVD
added 2021/07/01 12:0 a.m. | 6 views

Unspecified vulnerability in Ratpack (CNVD-2021-52416)

Ratpack is a Java library for building scalable HTTP applications. A security vulnerability exists in Ratpack versions prior to 1.9.0, which can be exploited by an attacker to achieve remote code execution via a maliciously crafted chain of Java deserialization gadgets targeting Ratpack session...

CVSS 9.9 | AI score 7.7 | EPSS 0.02483
Exploits 0 | References 1

CNNVD
added 2021/06/29 12:0 a.m. | 2 views

Ratpack security vulnerability

Ratpack is a Java library for building scalable HTTP applications. A security vulnerability exists in Ratpack versions prior to 1.9.0, which stems from a default configuration of a client session that results in unencrypted but signed data being set as a cookie value. An attacker could exploit th...

CVSS 7.5 | AI score 5.6 | EPSS 0.00072
Exploits 0 | References 2

OSV
added 2020/01/27 7:28 p.m. | 0 views

GHSA-R2WF-Q3X4-HRV9 Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)

Versions of Ratpack from 0.9.10 through 1.7.5 are vulnerable to CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' aka. XSS in the development error handler. An attacker can utilize this to perform XSS when an exception message contains untrusted data. As a...

CVSS 6.1 | AI score 6.2 | EPSS 0.0024
Exploits 1 | References 4

OSV
added 2019/10/21 4:8 p.m. | 1 views

GHSA-MVQP-Q37C-WF9J io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection')

CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' Versions of Ratpack 0.9.1 through and including 1.7.4 are vulnerable to HTTP Response Splitting, if untrusted and unsanitized data is used to populate the headers of an HTTP response. An attacker can...

CVSS 7.5 | AI score 6.9 | EPSS 0.0125
Exploits 0 | References 8