io.ratpack:ratpack-core

Maven4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting io.ratpack:ratpack-corepage 1 of 1

CVE-2019-10770MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.7.6
2020-01-28
vulnerable: 0.9.0 ... 1.7.5 (62 versions)
All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the produc…
CVE-2019-17513HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.5
2019-10-18
vulnerable: 0.9.0 ... 1.7.4 (61 versions)
An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers wit…
CVE-2021-29479HIGHCVSS 7.0EG 7.0✓ Fixed in 1.9.0
2021-06-29
vulnerable: 0.9.0 ... 1.9.0-rc-2 (68 versions)
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the `X-…
CVE-2021-29485CRITICALCVSS 9.9EG 9.9✓ Fixed in 1.9.0
2021-06-29
vulnerable: 0.9.0 ... 1.9.0-rc-2 (68 versions)
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session …

Check whether io.ratpack:ratpack-core is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for io.ratpack:ratpack-core CVEs against the assets you own.

Start Free Scan →