#VU30722 Input validation error in Ratpack - CVE-2019-17513

 


Published: October 18, 2019 / Updated: July 17, 2020


Vulnerability identifier: #VU30722
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-17513
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Ratpack
Software vendor:
Ratpack

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.
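The validation gap described above, as an added example that is not Ratpack's or Netty's own code. It assumes Netty 4.1 (`netty-codec-http`) is on the classpath and that the misuse was constructing `DefaultHttpHeaders` with validation turned off; the class name, header name and sample value are constructed for illustration.

```java
import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.HttpHeaders;

public class HeaderValidationDemo {

    // Constructed sample of untrusted input: a value carrying CR LF and a second header line.
    static final String UNTRUSTED = "en\r\nX-Injected: 1";

    /** Returns true if the headers object stored the value, false if Netty rejected it. */
    static boolean accepts(HttpHeaders headers, String name, String value) {
        try {
            headers.set(name, value);
            return true;
        } catch (IllegalArgumentException e) {
            // Thrown by Netty's validator when the name or value contains prohibited characters.
            return false;
        }
    }

    /** Application-side guard: reject CR, LF and other control characters before setting a header. */
    static boolean isSafeHeaderValue(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if ((c < 0x20 && c != '\t') || c == 0x7f) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Assumed vulnerable pattern: validation disabled, so the CR LF sequence is stored as-is.
        HttpHeaders unvalidated = new DefaultHttpHeaders(false);
        // Hardened pattern: validation enabled, so the same value is rejected.
        HttpHeaders validated = new DefaultHttpHeaders(true);

        System.out.println("validate=false accepts value: "
                + accepts(unvalidated, "Content-Language", UNTRUSTED));
        System.out.println("validate=true accepts value:  "
                + accepts(validated, "Content-Language", UNTRUSTED));
        System.out.println("guard passes untrusted value: " + isSafeHeaderValue(UNTRUSTED));
        System.out.println("guard passes benign value:    " + isSafeHeaderValue("en-GB"));
    }
}
```

The guard is a defence-in-depth check for code that cannot yet be moved to a fixed release; it does not replace upgrading.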


Remediation

Install the update from the vendor's website.

External links