CVE-2019-17513: Improper Input Validation

October 17, 2019 (updated October 24, 2019)

Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.

References

nvd.nist.gov/vuln/detail/CVE-2019-17513
ratpack.io/versions/1.7.5

Code Behaviors & Features

Detect and mitigate CVE-2019-17513 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →