Note: This project will be discontinued after December 13, 2021.
Product: Ktor (JetBrains)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 20 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-10-17 | CVE-2024-49580 | In JetBrains Ktor before 3.0.0 improper caching in HttpCache Plugin could lead to response information disclosure | Ktor | 5.3 | ||
2023-10-09 | CVE-2023-45612 | In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE | Ktor | 9.8 | ||
2023-10-09 | CVE-2023-45613 | In JetBrains Ktor before 2.3.5 server certificates were not verified | Ktor | 9.1 | ||
2019-07-03 | CVE-2019-10102 | JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. | Kotlin, Ktor | 8.1 | ||
2021-02-03 | CVE-2021-25761 | In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. | Ktor | 5.3 | ||
2023-06-01 | CVE-2023-34339 | In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message | Ktor | 3.3 | ||
2023-04-24 | CVE-2022-48476 | In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible | Ktor | 7.5 | ||
2022-05-12 | CVE-2022-29930 | SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1. | Ktor | 4.9 | ||
2022-08-12 | CVE-2022-38180 | In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases | Ktor | 6.5 | ||
2022-08-12 | CVE-2022-38179 | JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack | Ktor | 6.1 | ||