EPSS
Percentile
33.5%
ktor-http is vulnerable to reflected file download attacks. The vulnerability exists because the Content-Disposition filename parameter is not properly encoded which allows an attacker to perform untrusted file downloads.
Content-Disposition
github.com/ktorio/ktor/commit/26028bc9e6d8bb1f2448cd4414fd371135ad5e86
github.com/ktorio/ktor/pull/3110
www.jetbrains.com/privacy-security/issues-fixed/
youtrack.jetbrains.com/issue/KTOR-4669