Ratpack Project Ratpack — known CVE vulnerabilities
Every CVE whose affected-product data names Ratpack Project Ratpack, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-29485 — CVSS 9.9 (critical): Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution…
CVE-2019-17513 — CVSS 7.5 (high): An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that…
CVE-2021-29479 — CVSS 7.0 (high): Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to…
CVE-2021-29481 — CVSS 6.5 (medium): Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results…
CVE-2021-29480 — CVSS 4.4 (medium): Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup…
CVE-2019-11808 — CVSS 3.7 (low): Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if…