CVE-2019-11808

Name of the Vulnerable Software and Affected Versions Ratpack versions prior to 1.6.1

Description The issue arises from the generation of session IDs using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This weakness allows an attacker to potentially determine the sequence of session IDs if they can estimate a small window for the server start time and obtain a session ID value.

Recommendations For Ratpack versions prior to 1.6.1, update to version 1.6.1 or later to resolve the issue.