ratpack-core is susceptible to cross-site scripting (XSS). It does not sanitize the user input rendered as an exception message in the development error handler, allowing an attacker to inject malicious script via the message.The library is vulnerable only through the development mode’s error handler.
CPE | Name | Operator | Version |
---|---|---|---|
ratpack-core | le | 1.7.5 |