Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:jetbrains:ktor:1.3.2.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-45613 |
In JetBrains Ktor before 2.3.5 server certificates were not verified Published: October 09, 2023; 7:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2023-45612 |
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE Published: October 09, 2023; 7:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-34339 |
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message Published: June 01, 2023; 3:15:09 PM -0400 |
V4.0:(not available) V3.1: 3.3 LOW V2.0:(not available) |
CVE-2022-48476 |
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible Published: April 24, 2023; 9:15:07 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-38180 |
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases Published: August 12, 2022; 6:15:28 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-38179 |
JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack Published: August 12, 2022; 6:15:28 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-29035 |
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations Published: April 11, 2022; 3:15:08 PM -0400 |
V4.0:(not available) V3.1: 2.7 LOW V2.0: 4.0 MEDIUM |
CVE-2021-43203 |
In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. Published: November 09, 2021; 10:15:10 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-25763 |
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. Published: February 03, 2021; 11:15:14 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2021-25762 |
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. Published: February 03, 2021; 11:15:14 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2021-25761 |
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. Published: February 03, 2021; 11:15:14 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2020-26129 |
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. Published: November 16, 2020; 11:15:14 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 6.4 MEDIUM |