CVE-2019-10770 – io.ratpack:ratpack-core
Package
Manager: maven
Name: io.ratpack:ratpack-core
Vulnerable Version: >=0 <1.7.6
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0024 (percentile 0.47196)
Details
Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)

Versions of Ratpack from 0.9.10 through 1.7.5 are vulnerable to [CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')](https://cwe.mitre.org/data/definitions/79.html) (a.k.a. XSS) in the development error handler. An attacker can use this to perform XSS when an exception message contains untrusted data and the development error page renders that message without escaping. As a simplistic example:

```java
import ratpack.server.RatpackServer;

RatpackServer startedServer = RatpackServer.start(server -> {
  server.handlers(chain -> chain.all(ctx -> {
    // User supplied query parameter
    String message = ctx.getRequest().getQueryParams().get("message");
    // User supplied data appended to the message in an exception;
    // the development error handler renders this message into the HTML error page
    throw new RuntimeException("An error occurred: " + message);
  }));
});
```

### Impact

- Cross-Site Scripting

### Patches

This vulnerability has been patched in Ratpack version 1.7.6.

### Workarounds

If you are unable to update your version of Ratpack, we recommend the following workarounds and mitigations.

- Ensure that development mode is disabled in production.
- Don't use real customer data (i.e. untrusted user input) in development.

### References

- [Ratpack development mode](https://ratpack.io/manual/current/api/ratpack/server/ServerConfigBuilder.html#development-boolean-)
- [Code Patch - a3cbb13](https://github.com/ratpack/ratpack/commit/a3cbb13be1527874528c3b99fc33517c0297b6d3)

### For more information

If you have any questions or comments about this advisory:

- Open an issue in [ratpack/ratpack](https://github.com/ratpack/ratpack/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc)
- Ask in our [Slack channel](https://slack-signup.ratpack.io/)
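The mitigations above (development mode off, and never letting untrusted exception text reach an HTML page unescaped) as an added example; this is not code from the advisory or from the Ratpack project. It assumes the `ratpack.error.ServerErrorHandler` interface and the `RatpackServerSpec.serverConfig`/`registryOf` registration calls as I recall them, and `escapeHtml` and `ESCAPING_HANDLER` are helpers written here for illustration.

```java
import ratpack.error.ServerErrorHandler;
import ratpack.server.RatpackServer;

public class SafeErrorPage {

  // Minimal HTML escaping (assumed helper): exception text must never be
  // interpreted as markup when it is written into an error page.
  static String escapeHtml(String s) {
    StringBuilder out = new StringBuilder(s.length());
    for (char c : s.toCharArray()) {
      switch (c) {
        case '<':  out.append("&lt;");   break;
        case '>':  out.append("&gt;");   break;
        case '&':  out.append("&amp;");  break;
        case '"':  out.append("&quot;"); break;
        case '\'': out.append("&#39;");  break;
        default:   out.append(c);
      }
    }
    return out.toString();
  }

  // Hypothetical replacement for the default error page: the exception message
  // is escaped before it is embedded in HTML, so a query parameter such as
  // ?message=<script>...</script> is shown as text, not executed.
  static final ServerErrorHandler ESCAPING_HANDLER = (ctx, throwable) -> {
    String detail = throwable.getMessage() == null ? "" : throwable.getMessage();
    ctx.getResponse()
       .status(500)
       .contentType("text/html; charset=utf-8")
       .send("<html><body><h1>Internal error</h1><pre>"
             + escapeHtml(detail) + "</pre></body></html>");
  };

  public static void main(String[] args) throws Exception {
    RatpackServer.start(server -> server
      // Production deployments must not run with the development error page.
      .serverConfig(c -> c.development(false))
      // Register the escaping handler so any uncaught exception is rendered safely.
      .registryOf(r -> r.add(ServerErrorHandler.class, ESCAPING_HANDLER))
      .handlers(chain -> chain.all(ctx -> {
        // Same handler shape as the advisory's example: untrusted input ends up
        // in the exception message, but the error page now escapes it.
        String message = ctx.getRequest().getQueryParams().get("message");
        throw new RuntimeException("An error occurred: " + message);
      })));
  }
}
```

With this configuration a request carrying `message=<img src=x onerror=alert(1)>` produces a 500 page whose body contains `&lt;img src=x onerror=alert(1)&gt;` as literal text.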
Metadata
Created: 2020-01-27T19:28:20Z
Modified: 2021-08-19T16:44:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/01/GHSA-r2wf-q3x4-hrv9/GHSA-r2wf-q3x4-hrv9.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-r2wf-q3x4-hrv9
Finding: F008
Auto approve: 1