Lucene search
Veracode Vulnerability DatabaseVERACODE:21754HistoryOct 21, 2019 - 7:28 a.m.
HTTP Response Splitting
2019-10-2107:28:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.001 Low
EPSS
Percentile
49.8%
ratpack-core is vulnerable to HTTP response splitting. The vulnerability exists due to the lack of validation of response header values as the DefaultHttpHeaders object is created with verification disabled by default, allowing malicious user-supplied values to be part of response headers.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ratpack-core | eq | 1.7.4 | |
| ratpack-core | le | 1.7.3 | |
| ratpack-core | le | 1.0.0 | |
| ratpack-core | eq | 1.7.4 | |
| ratpack-core | le | 1.7.3 | |
| ratpack-core | le | 1.0.0 |
References
github.com/JLLeitschuh
github.com/ratpack/ratpack/commit/c560a8d10cb8bdd7a526c1ca2e67c8f224ca23ae
github.com/ratpack/ratpack/commit/efb910d38a96494256f36675ef0e5061097dd77d
github.com/ratpack/ratpack/releases/tag/v1.7.5
github.com/ratpack/ratpack/security/advisories/GHSA-mvqp-q37c-wf9j
ratpack.io/versions/1.7.5
Related
prion
prion
Design/Logic Flaw
2019-10-18 03:15:00
osv
osv
CVE-2019-17513
2019-10-18 03:15:09
io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection')
2019-10-21 16:08:43
HTTP Response Splitting in Styx
2020-03-03 15:32:03
cve
cve
CVE-2019-17513
2019-10-18 03:15:09
nvd
nvd
CVE-2019-17513
2019-10-18 03:15:09
cvelist
cvelist
CVE-2019-17513
2019-10-18 02:36:25
github
github
io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection')
2019-10-21 16:08:43
HTTP Response Splitting in Styx
2020-03-03 15:32:03
