In JetBrains Ktor before 2.3.0 path traversal in the resolveResource method was possible
7.5CVSS
7.5AI Score
0.001EPSS
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
3.3CVSS
4.2AI Score
0.0004EPSS
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
9.8CVSS
9.4AI Score
0.001EPSS
9.1CVSS
9.2AI Score
0.001EPSS