CVE-2019-10770

{"id": "CVE-2019-10770", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-01-28T01:15:10.753", "references": [{"url": "https://snyk.io/vuln/SNYK-JAVA-IORATPACK-534882", "tags": ["Exploit", "Third Party Advisory"], "source": "report@snyk.io"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to be utilized in production it would require users to not disable development mode."}, {"lang": "es", "value": "Todas las versiones de io.ratpack:ratpack-core desde 0.9.10 inclusive y anteriores a 1.7.6, son vulnerables a un ataque de tipo Cross-site Scripting (XSS). Esto afecta al manejador de errores del modo de desarrollo cuando un mensaje de excepci\u00f3n contiene datos no confiables. Tome en cuenta que el manejador de errores del modo de producci\u00f3n no es vulnerable, para que este sea utilizado en producci\u00f3n requerir\u00eda que los usuarios no deshabiliten el modo de desarrollo."}], "lastModified": "2020-01-29T14:23:32.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ratpack:ratpack:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B658FD6-8CEB-4DD6-A610-22B67F2399BF", "versionEndExcluding": "1.7.6", "versionStartIncluding": "0.9.10"}], "operator": "OR"}]}], "sourceIdentifier": "report@snyk.io"}