Ratpack
CVE-2021-29479
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1Blast Radius
ecosystem impact- 37 maven packages depend on io.ratpack:ratpack-core (16 direct, 22 indirect)
Ecosystem-wide dependent count for version 1.9.0.
DescriptionNVD
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied X-Forwarded-Host header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the X-Forwarded-Host header as a cache key. Users are only vulnerable if they do not configure a custom PublicAddress instance. For versions prior to 1.9.0, by default, Ratpack utilizes an inferring version of PublicAddress which is vulnerable. This can be used to perform redirect cache poisoning where an attacker can force a cached redirect to redirect to their site instead of the intended redirect location. The vulnerability was patched in Ratpack 1.9.0. As a workaround, ensure that ServerConfigBuilder::publicAddress correctly configures the server in production.
AnalysisAI
Ratpack is a toolkit for creating web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-807. Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied X-Forwarded-Host header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the X-Forwarded-Host header as a cache key. Users are only vulnerable if they do not configure a custom PublicAddress instance. For versions prior to 1.9.0, by default, Ratpack utilizes an inferring version of PublicAddress which is vulnerable. This can be used to perform redirect cache poisoning where an attacker can force a cached redirect to redirect to their site instead of the intended redirect location. The vulnerability was patched in Ratpack 1.9.0. As a workaround, ensure that ServerConfigBuilder::publicAddress correctly configures the server in production. Affected products include: Ratpack Project Ratpack. Version information: prior to 1.9.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Ratpack is a toolkit for creating web applications. Rated high severity (CVSS 8.8), this vulnerability is remotely explo
Ratpack is a toolkit for creating web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely explo
An issue was discovered in Ratpack before 1.7.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploita
Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom.
Ratpack is a toolkit for creating web applications. Rated low severity (CVSS 3.1), this vulnerability is remotely exploi
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today