CVE-2019-17513

Опубликовано: 18 окт. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.

Ссылки

https://github.com/ratpack/ratpack/commit/c560a8d10cb8bdd7a526c1ca2e67c8f224ca23ae
Patch
https://github.com/ratpack/ratpack/commit/efb910d38a96494256f36675ef0e5061097dd77d
Patch
https://github.com/ratpack/ratpack/releases/tag/v1.7.5
Release Notes
Third Party Advisory
https://github.com/ratpack/ratpack/security/advisories/GHSA-mvqp-q37c-wf9j
Third Party Advisory
https://ratpack.io/versions/1.7.5
Vendor Advisory
https://github.com/ratpack/ratpack/commit/c560a8d10cb8bdd7a526c1ca2e67c8f224ca23ae
Patch
https://github.com/ratpack/ratpack/commit/efb910d38a96494256f36675ef0e5061097dd77d
Patch
https://github.com/ratpack/ratpack/releases/tag/v1.7.5
Release Notes
Third Party Advisory
https://github.com/ratpack/ratpack/security/advisories/GHSA-mvqp-q37c-wf9j
Third Party Advisory
https://ratpack.io/versions/1.7.5
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ratpack_project:ratpack:*:*:*:*:*:*:*:*

Версия до 1.7.5 (исключая)

EPSS

Процентиль: 79%

0.0125

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-mvqp-q37c-wf9j