17 matches found
Exploit for Improper Restriction of XML External Entity Reference in Jetbrains Ktor
Ktor XML XXE Vulnerability Reproduction CVE-2023-45612 Re...
Exploit for Improper Restriction of XML External Entity Reference in Jetbrains Ktor
PoC exploit for CVE-2023-45612, a XXE vulnerability. The target...
CVE-2019-10102
JetBrains Ktor framework created using the Kotlin IDE template versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30...
CVE-2019-12736
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection...
HTTP Request Smuggling
Overview: io.ktor:ktor-network-tls is a framework for quickly creating web applications in Kotlin with minimal effort. Affected versions of this package are vulnerable to HTTP Request Smuggling due to a race condition between multiple coroutines using the same thread. Remediation: Upgrade...
JetBrains Security Bulletin Q4 2019
Robert Demmer. In the fourth quarter of 2019, we resolved a series of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved. Product | Description | Severity |...
JetBrains Ktor framework injection vulnerability
JetBrains Ktor framework is a Web application framework from the Czech company JetBrains. An injection vulnerability exists in JetBrains Ktor framework versions prior to 1.2.6. The vulnerability stems from a lack of proper validation of user input data by a web system or product during the course...
CVE-2019-19389
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting...
Unspecified vulnerability in JetBrains Ktor framework
JetBrains Ktor framework is a Web application framework from the Czech company JetBrains. An unspecified vulnerability exists in JetBrains Ktor framework. An attacker can exploit this vulnerability to obtain sensitive information...
CVE-2019-12737
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials...
CVE-2019-12736
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection...
Command injection
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection...
CVE-2019-12736
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection...
CVE-2019-12737
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials...
CVE-2019-10102
JetBrains Ktor framework created using the Kotlin IDE template versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30...
CVE-2019-10102
CVE-2019-10102 affects JetBrains/Ktor-related tooling (Kotlin IDE template) before version 1.1.0, where artifacts were resolved over http during build, enabling potential MITM attacks. This vulnerability is addressed in the Kotlin plugin fix release 1.3.30; affected branches rely on prior Kotlin ...
PT-2019-11506 · Jetbrains · Kotlin Plugin +1
Name of the Vulnerable Software and Affected Versions: JetBrains Ktor framework versions prior to 1.1.0. Description: The issue allows for a potential MITM attack due to the resolution of artifacts using an http connection during the build process. This was fixed in a related component, the Kotlin...