Search Results
- Keyword (text search): cpe:2.3:a:jetbrains:ktor:1.1.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-45613 | In JetBrains Ktor before 2.3.5 server certificates were not verified. Published: October 09, 2023; 7:15:11 AM -0400 | V4.0:(not available) V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2023-45612 | In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE. Published: October 09, 2023; 7:15:11 AM -0400 | V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-34339 | In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message. Published: June 01, 2023; 3:15:09 PM -0400 | V4.0:(not available) V3.1: 3.3 LOW V2.0:(not available) |
CVE-2022-48476 | In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible. Published: April 24, 2023; 9:15:07 AM -0400 | V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-38180 | In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases. Published: August 12, 2022; 6:15:28 AM -0400 | V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-38179 | JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack. Published: August 12, 2022; 6:15:28 AM -0400 | V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-29035 | In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations. Published: April 11, 2022; 3:15:08 PM -0400 | V4.0:(not available) V3.1: 2.7 LOW V2.0: 4.0 MEDIUM |
CVE-2021-43203 | In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. Published: November 09, 2021; 10:15:10 AM -0500 | V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-25763 | In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. Published: February 03, 2021; 11:15:14 AM -0500 | V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2021-25762 | In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. Published: February 03, 2021; 11:15:14 AM -0500 | V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2021-25761 | In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. Published: February 03, 2021; 11:15:14 AM -0500 | V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2020-26129 | In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. Published: November 16, 2020; 11:15:14 AM -0500 | V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
CVE-2020-5207 | In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator. Published: January 27, 2020; 3:15:10 PM -0500 | V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-19389 | JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. Published: December 26, 2019; 4:15:11 PM -0500 | V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-19703 | In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. Published: December 10, 2019; 3:15:17 PM -0500 | V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2019-12737 | UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials. Published: October 02, 2019; 3:15:14 PM -0400 | V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-12736 | JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. Published: October 02, 2019; 3:15:14 PM -0400 | V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |