io.ratpack:ratpack-core@1.7.5 vulnerabilities

  • latest version

    1.10.0-milestone-38

  • latest non vulnerable version

  • first published

    11 years ago

  • latest version published

    2 months ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the io.ratpack:ratpack-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H (high severity)
    Web Cache Poisoning

    io.ratpack:ratpack-core is a simple, capable toolkit for creating high-performance web applications.

    Affected versions of this package are vulnerable to Web Cache Poisoning. A user-supplied X-Forwarded-Host header can be used to poison a cache fronting a Ratpack server if the cache does not include the X-Forwarded-Host header in its cache key. Users are only vulnerable if they do not configure a custom PublicAddress instance.

    How to fix Web Cache Poisoning?

    Upgrade io.ratpack:ratpack-core to version 1.9.0 or higher.

    Vulnerable versions: [,1.9.0)
    • M (medium severity)
    Cross-site Scripting (XSS)

    io.ratpack:ratpack-core is a simple, capable toolkit for creating high-performance web applications.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data.

    Note that the production mode error handler is not vulnerable, so for this to be exploited in production, users would have to have left development mode enabled.

    How to fix Cross-site Scripting (XSS)?

    Upgrade io.ratpack:ratpack-core to version 1.7.6 or higher.

    Vulnerable versions: [0.9.10,1.7.6)