Lucene search

K

Ratpack Security Vulnerabilities

cve
cve

CVE-2021-29480

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is...

4.4CVSS

4.2AI Score

0.001EPSS

2021-06-29 07:15 PM
47
cve
cve

CVE-2021-29481

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...

7.5CVSS

7.2AI Score

0.001EPSS

2021-06-29 07:15 PM
47
2
cve
cve

CVE-2021-29485

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use Ratpack's session.....

9.9CVSS

8.8AI Score

0.002EPSS

2021-06-29 07:15 PM
44
4
cve
cve

CVE-2021-29479

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied X-Forwarded-Host header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the X-Forwarded-Host header as a cache key. Users are only...

7CVSS

6.4AI Score

0.001EPSS

2021-06-29 03:15 PM
49
cve
cve

CVE-2019-10770

All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to.....

6.1CVSS

6AI Score

0.001EPSS

2020-01-28 01:15 AM
73
cve
cve

CVE-2019-17513

An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can...

7.5CVSS

7.3AI Score

0.001EPSS

2019-10-18 03:15 AM
205
cve
cve

CVE-2019-11808

Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start time and obtain a session ID value, they can theoretically determine the sequence of session...

3.7CVSS

4.4AI Score

0.001EPSS

2019-05-07 07:29 AM
40