ratpack-core is vulnerable to HTTP response splitting. Response header values are not validated because the DefaultHttpHeaders object is created with verification disabled by default, so malicious user-supplied values can become part of response headers.
Name | Operator | Version
---|---|---
ratpack-core | eq | 1.7.4
ratpack-core | le | 1.7.3
ratpack-core | le | 1.0.0
github.com/JLLeitschuh
github.com/ratpack/ratpack/commit/c560a8d10cb8bdd7a526c1ca2e67c8f224ca23ae
github.com/ratpack/ratpack/commit/efb910d38a96494256f36675ef0e5061097dd77d
github.com/ratpack/ratpack/releases/tag/v1.7.5
github.com/ratpack/ratpack/security/advisories/GHSA-mvqp-q37c-wf9j
ratpack.io/versions/1.7.5
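
The validation switch described in the summary, shown as an added example (not Ratpack's own code) using Netty's `io.netty.handler.codec.http.DefaultHttpHeaders`, the class Ratpack builds its response headers on. The class name `HeaderValidationDemo`, the helper `requireSingleLine`, the header name and the sample value are assumptions made for illustration.

```java
import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.HttpHeaders;

public class HeaderValidationDemo {

    // Constructed sample: a request-derived value that carries CR/LF
    // followed by what would become a second header line.
    static final String UNTRUSTED = "en\r\nSet-Cookie: session=constructed";

    /** Returns true if the header container stored the value without complaint. */
    static boolean accepts(HttpHeaders headers, String value) {
        try {
            headers.set("Content-Language", value);
            return true;
        } catch (IllegalArgumentException rejected) {
            // Netty's validator refuses CR/LF that is not a folded continuation.
            return false;
        }
    }

    /** Hypothetical guard applied before a request-derived value reaches a response header. */
    static String requireSingleLine(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r' || c == '\n' || c == '\0') {
                throw new IllegalArgumentException(
                        "control character in header value at index " + i);
            }
        }
        return value;
    }

    public static void main(String[] args) {
        // validate=false: the configuration the advisory describes.
        System.out.println("validation off, value stored: "
                + accepts(new DefaultHttpHeaders(false), UNTRUSTED));

        // validate=true: the same value is rejected at the header API.
        System.out.println("validation on, value stored:  "
                + accepts(new DefaultHttpHeaders(true), UNTRUSTED));

        // Independent check that does not rely on the container's setting.
        try {
            requireSingleLine(UNTRUSTED);
        } catch (IllegalArgumentException e) {
            System.out.println("guard rejected value: " + e.getMessage());
        }
    }
}
```

Run it with a Netty 4.1 `netty-codec-http` jar on the classpath; the contrast between the two `accepts` calls is the behaviour the advisory turns on.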