Ratpack Security Vulnerabilities and Issues — Ratpack CVE List

Lucene search

Ratpack ProjectRatpack

3 matches found

cve•added 2019/10/18 3:15 a.m.•222 views

CVE-2019-17513

An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.

7.5CVSS7.3AI score0.0125EPSS

cve•added 2021/06/29 3:15 p.m.•61 views

CVE-2021-29479

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied X-Forwarded-Host header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the X-Forwarded-Host header as a cache key. Users are only vulnerable...

7CVSS6.4AI score0.00225EPSS

cve•added 2021/06/29 7:15 p.m.•61 views

CVE-2021-29481

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with acc...

7.5CVSS6.7AI score0.00072EPSS