Search Results
- Keyword (text search): cpe:2.3:a:jetbrains:ktor:1.0.0:beta2:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-45613 | In JetBrains Ktor before 2.3.5 server certificates were not verified Published: October 09, 2023; 7:15:11 AM -0400 | V4.0: (not available) V3.1: 9.1 CRITICAL V2.0: (not available) |
CVE-2023-45612 | In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE Published: October 09, 2023; 7:15:11 AM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: (not available) |
CVE-2023-34339 | In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message Published: June 01, 2023; 3:15:09 PM -0400 | V4.0: (not available) V3.1: 3.3 LOW V2.0: (not available) |
CVE-2022-48476 | In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible Published: April 24, 2023; 9:15:07 AM -0400 | V4.0: (not available) V3.1: 7.5 HIGH V2.0: (not available) |
CVE-2022-38180 | In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases Published: August 12, 2022; 6:15:28 AM -0400 | V4.0: (not available) V3.1: 6.5 MEDIUM V2.0: (not available) |
CVE-2022-38179 | JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack Published: August 12, 2022; 6:15:28 AM -0400 | V4.0: (not available) V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2022-29035 | In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations Published: April 11, 2022; 3:15:08 PM -0400 | V4.0: (not available) V3.1: 2.7 LOW V2.0: 4.0 MEDIUM |
CVE-2021-43203 | In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. Published: November 09, 2021; 10:15:10 AM -0500 | V4.0: (not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-25763 | In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. Published: February 03, 2021; 11:15:14 AM -0500 | V4.0: (not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2021-25762 | In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. Published: February 03, 2021; 11:15:14 AM -0500 | V4.0: (not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2021-25761 | In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. Published: February 03, 2021; 11:15:14 AM -0500 | V4.0: (not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2020-26129 | In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. Published: November 16, 2020; 11:15:14 AM -0500 | V4.0: (not available) V3.1: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
CVE-2020-5207 | In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator. Published: January 27, 2020; 3:15:10 PM -0500 | V4.0: (not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-19389 | JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. Published: December 26, 2019; 4:15:11 PM -0500 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-19703 | In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. Published: December 10, 2019; 3:15:17 PM -0500 | V4.0: (not available) V3.1: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2019-12737 | UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials. Published: October 02, 2019; 3:15:14 PM -0400 | V4.0: (not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-12736 | JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. Published: October 02, 2019; 3:15:14 PM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-10102 | JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. Published: July 03, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |