Description

An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.

Remediation

References

https://github.com/ratpack/ratpack/commit/c560a8d10cb8bdd7a526c1ca2e67c8f224ca23ae

https://github.com/ratpack/ratpack/commit/efb910d38a96494256f36675ef0e5061097dd77d

https://github.com/ratpack/ratpack/releases/tag/v1.7.5

https://github.com/ratpack/ratpack/security/advisories/GHSA-mvqp-q37c-wf9j

https://ratpack.io/versions/1.7.5

Related Vulnerabilities

CVE-2014-0120 Vulnerability in maven package io.hawt:hawtio-karaf-terminal

CVE-2021-21179 Vulnerability in maven package org.webjars.npm:electron

CVE-2023-47323 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

CVE-2022-43403 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2018-12536 Vulnerability in maven package org.eclipse.jetty:jetty-server

Severity

High

Classification

CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Patch Release Notes Third Party Advisory Vendor Advisory