CVE-2019-17513

Sažetak

An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.

Reference

https://github.com/ratpack/ratpack/commit/c560a8d10cb8bdd7a526c1ca2e67c8f224ca23ae
https://github.com/ratpack/ratpack/commit/efb910d38a96494256f36675ef0e5061097dd77d
https://github.com/ratpack/ratpack/releases/tag/v1.7.5
https://github.com/ratpack/ratpack/security/advisories/GHSA-mvqp-q37c-wf9j
https://ratpack.io/versions/1.7.5

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

24-08-2020 - 17:37

Objavljeno

18-10-2019 - 03:15