ratpack-session uses an insecure random number generator. The UUID generated for the session IDs does not use a cryptographically secure random generator and would potentially allow attackers to guess a session ID.
CPE | Name | Operator | Version |
---|---|---|---|
ratpack-session | le | 1.6.0 | |
ratpack-session | le | 0.9.16 |