Latest jetbrains ktor Vulnerabilities

CVE-2023-45613
In JetBrains Ktor before 2.3.5 server certificates were not verified
JetBrains Ktor<2.3.5
CVE-2023-45612
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
JetBrains Ktor<2.3.5
CVE-2023-34339
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
JetBrains Ktor<2.3.1
CVE-2022-48476
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
JetBrains Ktor<2.3.0
CVE-2022-38179
JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack
JetBrains Ktor<2.1.0
CVE-2022-29930
SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.
JetBrains Ktor=2.0.0
CVE-2022-29035
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations
JetBrains Ktor<2.0.0
CVE-2021-43203
In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.
JetBrains Ktor<1.6.4
CVE-2021-25762
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
JetBrains Ktor<1.4.3
CVE-2021-25763
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
JetBrains Ktor<1.4.2
CVE-2021-25761
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
JetBrains Ktor<1.5.0
CVE-2020-26129
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
JetBrains Ktor<1.4.1
CVE-2020-5207
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
JetBrains Ktor<1.3.0
CVE-2019-19389
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
JetBrains Ktor<1.2.6
CVE-2019-19703
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
JetBrains Ktor<=1.2.6
CVE-2019-12736
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.
JetBrains Ktor<=1.1.5
CVE-2019-12737
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
JetBrains Ktor<=1.1.5
JetBrains Ktor=1.2.0-rc
CVE-2019-10102
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. ...
JetBrains Kotlin<1.3.30
JetBrains Ktor<1.1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203