Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ktor
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 20 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-10-17 | CVE-2024-49580 | In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure | Ktor | 5.3 | ||
| 2020-01-27 | CVE-2020-5207 | In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator. | Ktor | 7.5 | ||
| 2020-11-16 | CVE-2020-26129 | In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. | Ktor | 6.5 | ||
| 2021-02-03 | CVE-2021-25761 | In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. | Ktor | 5.3 | ||
| 2021-02-03 | CVE-2021-25762 | In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. | Ktor | 5.3 | ||
| 2021-02-03 | CVE-2021-25763 | In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. | Ktor | 5.3 | ||
| 2021-11-09 | CVE-2021-43203 | In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. | Ktor | 7.5 | ||
| 2022-04-11 | CVE-2022-29035 | In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations | Ktor | 2.7 | ||
| 2022-05-12 | CVE-2022-29930 | SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1. | Ktor | 4.9 | ||
| 2022-08-12 | CVE-2022-38179 | JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack | Ktor | 6.1 |