{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T06:22:01.922","vulnerabilities":[{"cve":{"id":"CVE-2019-10770","sourceIdentifier":"report@snyk.io","published":"2020-01-28T01:15:10.753","lastModified":"2024-11-21T04:19:53.293","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to be utilized in production it would require users to not disable development mode."},{"lang":"es","value":"Todas las versiones de io.ratpack:ratpack-core desde 0.9.10 inclusive y anteriores a 1.7.6, son vulnerables a un ataque de tipo Cross-site Scripting (XSS). Esto afecta al manejador de errores del modo de desarrollo cuando un mensaje de excepción contiene datos no confiables. Tome en cuenta que el manejador de errores del modo de producción no es vulnerable, para que este sea utilizado en producción requeriría que los usuarios no deshabiliten el modo de desarrollo."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ratpack:ratpack:*:*:*:*:*:*:*:*","versionStartIncluding":"0.9.10","versionEndExcluding":"1.7.6","matchCriteriaId":"0B658FD6-8CEB-4DD6-A610-22B67F2399BF"}]}]}],"references":[{"url":"https://snyk.io/vuln/SNYK-JAVA-IORATPACK-534882","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JAVA-IORATPACK-534882","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}