VYPR

Ktor

by Jetbrains

Source repositories

CVEs (18)

  • CVE-2019-12736CriOct 2, 2019
    risk 0.64cvss 9.8epss 0.02

    JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.

  • CVE-2023-45612HigOct 9, 2023
    risk 0.56cvss 8.6epss 0.01

    In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE

  • CVE-2022-48476HigApr 24, 2023
    risk 0.49cvss 7.5epss 0.01

    In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible

  • CVE-2021-43203HigNov 9, 2021
    risk 0.49cvss 7.5epss 0.01

    In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.

  • CVE-2019-10102HigJul 3, 2019
    risk 0.46cvss 8.1epss 0.01

    JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.

  • CVE-2023-45613MedOct 9, 2023
    risk 0.44cvss 6.8epss 0.00

    In JetBrains Ktor before 2.3.5 server certificates were not verified

  • CVE-2020-26129MedNov 16, 2020
    risk 0.42cvss 6.5epss 0.01

    In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.

  • CVE-2021-25762MedFeb 3, 2021
    risk 0.35cvss 5.3epss 0.01

    In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.

  • CVE-2025-29904MedMar 12, 2025
    risk 0.34cvss 5.3epss 0.00

    In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible

  • CVE-2021-25763MedFeb 3, 2021
    risk 0.34cvss 5.3epss 0.01

    In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.

  • CVE-2021-25761MedFeb 3, 2021
    risk 0.34cvss 5.3epss 0.01

    In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.

  • CVE-2024-49580MedOct 17, 2024
    risk 0.27cvss 5.3epss 0.00

    In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure

  • CVE-2022-38180MedAug 12, 2022
    risk 0.27cvss 5.3epss 0.01

    In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases

  • CVE-2022-38179MedAug 12, 2022
    risk 0.24cvss 4.7epss 0.00

    JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack

  • CVE-2023-34339LowJun 1, 2023
    risk 0.21cvss 3.3epss 0.00

    In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message

  • CVE-2022-29930HigMay 12, 2022
    risk 0.00cvss 8.7epss 0.01

    SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.

  • CVE-2022-29035LowApr 11, 2022
    risk 0.00cvss 3.3epss 0.01

    In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations

  • CVE-2019-19389MedDec 26, 2019
    risk 0.00cvss 5.4epss 0.01

    JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.