CVE-2019-10770: Cross-site Scripting

January 28, 2020 (updated January 29, 2020)

ratpack is vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to be utilized in production it would require users to not disable development mode.

References

nvd.nist.gov/vuln/detail/CVE-2019-10770

Code Behaviors & Features

Detect and mitigate CVE-2019-10770 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →