Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2021-29479
Good to know:
Date: June 29, 2021
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied "X-Forwarded-Host" header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the "X-Forwarded-Host" header as a cache key. Users are only vulnerable if they do not configure a custom "PublicAddress" instance. For versions prior to 1.9.0, by default, Ratpack utilizes an inferring version of "PublicAddress" which is vulnerable. This can be used to perform redirect cache poisoning where an attacker can force a cached redirect to redirect to their site instead of the intended redirect location. The vulnerability was patched in Ratpack 1.9.0. As a workaround, ensure that "ServerConfigBuilder::publicAddress" correctly configures the server in production.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Reliance on Untrusted Inputs in a Security Decision
CWE-807Top Fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | HIGH |
| Availability (A): | LOW |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | HIGH |
| Authentication (AU): | NONE |
| Confidentiality (C): | PARTIAL |
| Integrity (I): | PARTIAL |
| Availability (A): | NONE |
| Additional information: |