Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:jetbrains:ktor:1.3.0:beta2:*:*:*:*:*:*
  • CPE Name Search: true
There are 12 matching records.
Displaying matches 1 through 12.
Vuln ID Summary CVSS Severity
CVE-2023-45613

In JetBrains Ktor before 2.3.5 server certificates were not verified

Published: October 09, 2023; 7:15:11 AM -0400
V4.0:(not available)
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2023-45612

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE

Published: October 09, 2023; 7:15:11 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-34339

In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message

Published: June 01, 2023; 3:15:09 PM -0400
V4.0:(not available)
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2022-48476

In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible

Published: April 24, 2023; 9:15:07 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-38180

In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases

Published: August 12, 2022; 6:15:28 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-38179

JetBrains Ktor before 2.1.0 was vulnerable to the Reflected File Download attack

Published: August 12, 2022; 6:15:28 AM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations

Published: April 11, 2022; 3:15:08 PM -0400
V4.0:(not available)
V3.1: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2021-43203

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.

Published: November 09, 2021; 10:15:10 AM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-25763

In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.

Published: February 03, 2021; 11:15:14 AM -0500
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-25762

In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.

Published: February 03, 2021; 11:15:14 AM -0500
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-25761

In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.

Published: February 03, 2021; 11:15:14 AM -0500
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-26129

In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.

Published: November 16, 2020; 11:15:14 AM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 6.4 MEDIUM