Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ktor
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 20 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-11 | CVE-2022-29035 | In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations | Ktor | 2.7 | ||
| 2021-11-09 | CVE-2021-43203 | In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. | Ktor | 7.5 | ||
| 2021-02-03 | CVE-2021-25762 | In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. | Ktor | 5.3 | ||
| 2021-02-03 | CVE-2021-25763 | In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. | Ktor | 5.3 | ||
| 2020-11-16 | CVE-2020-26129 | In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. | Ktor | 6.5 | ||
| 2020-01-27 | CVE-2020-5207 | In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator. | Ktor | N/A | ||
| 2019-12-26 | CVE-2019-19389 | JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. | Ktor | N/A | ||
| 2019-12-10 | CVE-2019-19703 | In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. | Ktor | N/A | ||
| 2019-10-02 | CVE-2019-12737 | UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials. | Ktor | N/A | ||
| 2019-10-02 | CVE-2019-12736 | JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. | Ktor | N/A |