Vulnerability in Ratpack
CVE-2021-29480
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if…
EPSS: 0.001 (25.5th percentile)
CVSS v3 metric
CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.
Affected products
- Ratpack — versions < 1.9.0
Weakness classification (CWE)
- CWE-340
References
- github.com/ratpack/ratpack/security/advisories/GHSA-2cc5-23r7-vc4v (x_refsource_CONFIRM)
- github.com/ratpack/ratpack/blob/29434f7ac6fd4b36a4495429b70f4c8163100332/ratpac… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-29480?
  - CVE-2021-29480 is a medium-severity vulnerability in Ratpack, classified under CWE-340. CVSS score: 4.4/10. Published 2021-06-29.
- How severe is CVE-2021-29480?
  - Medium severity. CVSS v3 base score is 4.4 out of 10.