Browse all 4 CVE security advisories affecting ratpack. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ratpack is a JVM-based toolkit for building web applications, primarily used for creating lightweight, high-performance REST services. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. While no major public incidents have been widely documented, the four CVEs associated with the framework highlight potential risks in areas like path traversal and deserialization. Its minimal design reduces attack surfaces compared to heavier frameworks, but developers must remain vigilant about secure coding practices to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-29485 | Remote Code Execution Vulnerability in Session Storage — ratpackCWE-502 | 9.9 | Critical | 2021-06-29 |
| CVE-2021-29481 | Client side sessions should not allow unencrypted storage — ratpackCWE-312 | 6.5 | Medium | 2021-06-29 |
| CVE-2021-29480 | Default client side session signing key is highly predictable — ratpackCWE-340 | 4.4 | Medium | 2021-06-29 |
| CVE-2021-29479 | Cached redirect poisoning via X-Forwarded-Host header — ratpackCWE-807 | 7.0 | High | 2021-06-29 |
This page lists every published CVE security advisory associated with ratpack. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.