Vulnerabilities > Jetbrains > Ktor

DATE CVE VULNERABILITY TITLE RISK
2023-10-09 CVE-2023-45612 XXE vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
network
low complexity
jetbrains CWE-611
critical
9.8
2023-10-09 CVE-2023-45613 Improper Certificate Validation vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.3.5 server certificates were not verified
network
low complexity
jetbrains CWE-295
critical
9.1
2023-06-01 CVE-2023-34339 Information Exposure Through an Error Message vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
local
low complexity
jetbrains CWE-209
3.3
2023-04-24 CVE-2022-48476 Path Traversal vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
network
low complexity
jetbrains CWE-22
7.5
2022-05-12 CVE-2022-29930 Use of Insufficiently Random Values vulnerability in Jetbrains Ktor 2.0.0
SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value.
network
low complexity
jetbrains CWE-330
4.9
2022-04-11 CVE-2022-29035 Use of Insufficiently Random Values vulnerability in Jetbrains Ktor
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations
network
low complexity
jetbrains CWE-330
4.0
2021-11-09 CVE-2021-43203 Improper Authentication vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.
network
low complexity
jetbrains CWE-287
5.0
2021-02-03 CVE-2021-25763 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
network
low complexity
jetbrains CWE-327
5.0
2021-02-03 CVE-2021-25762 HTTP Request Smuggling vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
network
low complexity
jetbrains CWE-444
5.0
2021-02-03 CVE-2021-25761 Inadequate Encryption Strength vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
network
low complexity
jetbrains CWE-326
5.3