GHSA-r2wf-q3x4-hrv9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r2wf-q3x4-hrv9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/01/GHSA-r2wf-q3x4-hrv9/GHSA-r2wf-q3x4-hrv9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-r2wf-q3x4-hrv9
- Aliases
-
- CVE-2019-10770
- Published
- 2020-01-27T19:28:20Z
- Modified
- 2024-02-16T08:15:38.859327Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)
- Details
-
Versions of Ratpack from 0.9.10 through 1.7.5 are vulnerable to CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (aka. XSS) in the development error handler. An attacker can utilize this to perform XSS when an exception message contains untrusted data.
As a simplistic example:
RatpackServer startedServer = RatpackServer.start(server -> { server.handlers(chain -> chain.all(ctx -> { // User supplied query parameter String message = ctx.getRequest().getQueryParams().get("message"); // User supplied data appended to the message in an exception throw new RuntimeException("An error occurred: " + message); })); });Impact
- Cross-Site Scripting
Patches
This vulnerability has been patched in Ratpack version 1.7.6.
Workarounds
If you are unable to update your version of Ratpack, we recommend the following workarounds and mitigations.
- Ensure that development mode is disabled in production.
- Don't use real customer data (ie. untrusted user input) in development.
References
For more information
If you have any questions or comments about this advisory: - Open an issue in ratpack/ratpack - Ask in our Slack channel
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-01-27T18:23:23Z" }- References
Affected packages
Maven / io.ratpack:ratpack-core
Package
- Name
- io.ratpack:ratpack-core
- View open source insights on deps.dev
- Purl
- pkg:maven/io.ratpack/ratpack-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.7.6
Affected versions
0.*
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.10
0.9.11
0.9.12
0.9.13
0.9.14
0.9.15
0.9.16
0.9.17
0.9.18
0.9.19
1.*
1.0.0-rc-1
1.0.0-rc-2
1.0.0-rc-3
1.0.0
1.1.0
1.1.1
1.2.0-RC-1
1.2.0-rc-2
1.2.0
1.3.0-rc-1
1.3.0-rc-2
1.3.0
1.3.1
1.3.2
1.3.3
1.4.0-rc-1
1.4.0-rc-2
1.4.0-rc-3
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.6.0-rc-1
1.6.0-rc-2
1.6.0-rc-3
1.6.0-rc-4
1.6.0
1.6.1
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5