First published: Tue Nov 09 2021(Updated: )
In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
JetBrains Ktor | <1.6.4 | |
<1.6.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-43203.
The title of the vulnerability is 'In JetBrains Ktor before 1.6.4 nonce verification during the OAuth2 authentication process is implemented improperly.'
The description of the vulnerability is that nonce verification during the OAuth2 authentication process in JetBrains Ktor before version 1.6.4 is implemented improperly.
The vulnerability affects JetBrains Ktor version up to and excluding 1.6.4.
The severity of this vulnerability is high with a CVSS score of 7.5.
Yes, you can refer to the following link for more information: https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/
The vulnerability is associated with CWE ID 287.
To fix this vulnerability, it is recommended to upgrade JetBrains Ktor to version 1.6.4 or later.