Upgrade gstreamer/gstreamer to version 1.24.10 or higher.

io.ratpack:ratpack-core 0.9.5 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the io.ratpack:ratpack-core package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Web Cache Poisoning io.ratpack:ratpack-core is a simple, capable, toolkit for creating high performance web applications. Affected versions of this package are vulnerable to Web Cache Poisoning. A user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the `X-Forwarded-Host` header as a cache key. Users are only vulnerable if they do not configure a custom `PublicAddress` instance. How to fix Web Cache Poisoning? Upgrade `io.ratpack:ratpack-core` to version 1.9.0 or higher.	[,1.9.0)
H HTTP Response Splitting io.ratpack:ratpack-core is a simple, capable, toolkit for creating high performance web applications. Affected versions of this package are vulnerable to HTTP Response Splitting. If untrusted and unsanitized data is used to populate the headers of an HTTP response, an attacker can utilize this vulnerability to have the server issue any HTTP response they specify. The root cause was due to using the `netty` `DefaultHttpHeaders object` with verification disabled. If your application uses arbitrary user input as the value of a response header it is vulnerable. If your application does not use arbitrary values as response header values, it is not vulnerable. How to fix HTTP Response Splitting? Upgrade `io.ratpack:ratpack-core` to version 1.7.5 or higher.	(0.9.1,1.7.5)

Vulnerability

Vulnerable Version

Web Cache Poisoning

io.ratpack:ratpack-core is a simple, capable, toolkit for creating high performance web applications.

Affected versions of this package are vulnerable to Web Cache Poisoning. A user supplied X-Forwarded-Host header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the X-Forwarded-Host header as a cache key. Users are only vulnerable if they do not configure a custom PublicAddress instance.

How to fix Web Cache Poisoning?

Upgrade io.ratpack:ratpack-core to version 1.9.0 or higher.

[,1.9.0)

HTTP Response Splitting

io.ratpack:ratpack-core is a simple, capable, toolkit for creating high performance web applications.

Affected versions of this package are vulnerable to HTTP Response Splitting. If untrusted and unsanitized data is used to populate the headers of an HTTP response, an attacker can utilize this vulnerability to have the server issue any HTTP response they specify. The root cause was due to using the netty DefaultHttpHeaders object with verification disabled.

If your application uses arbitrary user input as the value of a response header it is vulnerable. If your application does not use arbitrary values as response header values, it is not vulnerable.

How to fix HTTP Response Splitting?

Upgrade io.ratpack:ratpack-core to version 1.7.5 or higher.

(0.9.1,1.7.5)

io.ratpack:ratpack-core@0.9.5 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?