Vulnerabilities > Jetbrains > Ktor

DATE CVE VULNERABILITY TITLE RISK
2024-10-17 CVE-2024-49580 Unspecified vulnerability in Jetbrains Ktor
In JetBrains Ktor before 3.0.0 improper caching in HttpCache Plugin could lead to response information disclosure
network
low complexity
jetbrains
5.3
2023-10-09 CVE-2023-45612 XXE vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
network
low complexity
jetbrains CWE-611
critical
9.8
2023-10-09 CVE-2023-45613 Improper Certificate Validation vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.3.5 server certificates were not verified
network
low complexity
jetbrains CWE-295
critical
9.1
2023-06-01 CVE-2023-34339 Information Exposure Through an Error Message vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
local
low complexity
jetbrains CWE-209
3.3
2023-04-24 CVE-2022-48476 Path Traversal vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
network
low complexity
jetbrains CWE-22
7.5
2022-08-12 CVE-2022-38179 Incorrect Comparison vulnerability in Jetbrains Ktor
JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack
network
low complexity
jetbrains CWE-697
6.1
2022-08-12 CVE-2022-38180 Improper Authentication vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases
network
low complexity
jetbrains CWE-287
6.5
2022-05-12 CVE-2022-29930 Use of Insufficiently Random Values vulnerability in Jetbrains Ktor 2.0.0
SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value.
network
low complexity
jetbrains CWE-330
4.9
2022-04-11 CVE-2022-29035 Use of Insufficiently Random Values vulnerability in Jetbrains Ktor
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations
network
low complexity
jetbrains CWE-330
2.7
2021-11-09 CVE-2021-43203 Improper Authentication vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.
network
low complexity
jetbrains CWE-287
7.5