Vulnerability Description
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client-side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by anything with access to the cookies. For this to be a vulnerability, some kind of sensitive data would need to be stored in the session and the session cookie would have to leak; for example, if the cookies are not configured with httpOnly and an adjacent XSS vulnerability within the site allows capture of the cookies. As of version 1.9.0, a securely, randomly generated signing key is used. As a workaround, one may supply an encryption key, as per the documentation recommendation.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ratpack Project | Ratpack | < 1.9.0 |
Related Weaknesses (CWE)
References
- https://github.com/ratpack/ratpack/pull/1590 (Patch, Third Party Advisory)
- https://github.com/ratpack/ratpack/security/advisories/GHSA-phj8-4cq3-794g (Third Party Advisory)
FAQ
What is CVE-2021-29481?
CVE-2021-29481 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client-side sessions results in unencrypted, but signed, data being set as cookie values. T...
How severe is CVE-2021-29481?
CVE-2021-29481 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS score above for the severity rating.
Is there a patch for CVE-2021-29481?
Check the references section above for vendor advisories and patch information. Affected products include: Ratpack (Ratpack Project), versions prior to 1.9.0.