Ktor Security Vulnerabilities and Issues — Ktor CVE List

Lucene search

JetbrainsKtor

5 matches found

CVE•added 2019/07/03 8:15 p.m.•253 views

CVE-2019-10102

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.

8.1CVSS7.9AI score0.00003EPSS

CVE•added 2019/12/26 9:15 p.m.•80 views

CVE-2019-19389

JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.

5.4CVSS5.4AI score0.00005EPSS

CVE•added 2019/12/10 8:15 p.m.•58 views

CVE-2019-19703

In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.

6.1CVSS6.1AI score0.00004EPSS

CVE•added 2019/10/02 7:15 p.m.•45 views

CVE-2019-12736

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.

9.8CVSS9.7AI score0.00027EPSS

CVE•added 2019/10/02 7:15 p.m.•36 views

CVE-2019-12737

UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.

5.3CVSS5.2AI score0.00002EPSS