Vulmon
ratpack project ratpack vulnerabilities and exploits
CVE-2019-17513 (CVSSv3 7.5) - Ratpack Project Ratpack
An issue exists in Ratpack prior to 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.
CVE-2019-11808 (CVSSv3 3.7) - Ratpack Project Ratpack
Ratpack versions prior to 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start time and obtain a session ID value, they can theoretically determine the...
CVE-2021-29479 (CVSSv3 6.1) - Ratpack Project Ratpack
Ratpack is a toolkit for creating web applications. In versions before 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the `X-Forwarded-Host` header as a cache key. User...
CVE-2021-29480 (CVSSv3 3.1) - Ratpack Project Ratpack
Ratpack is a toolkit for creating web applications. In versions before 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recom...
CVE-2021-29481 (CVSSv3 7.5) - Ratpack Project Ratpack
Ratpack is a toolkit for creating web applications. In versions before 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by s...
CVE-2021-29485 (CVSSv3 8.8) - Ratpack Project Ratpack
Ratpack is a toolkit for creating web applications. In versions before 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not u...