Vulnerabilities > Jetbrains > Ktor
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-09 | CVE-2023-45612 | XXE vulnerability in Jetbrains Ktor In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE | 9.8 |
2023-10-09 | CVE-2023-45613 | Improper Certificate Validation vulnerability in Jetbrains Ktor In JetBrains Ktor before 2.3.5 server certificates were not verified | 9.1 |
2023-06-01 | CVE-2023-34339 | Information Exposure Through an Error Message vulnerability in Jetbrains Ktor In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message | 3.3 |
2023-04-24 | CVE-2022-48476 | Path Traversal vulnerability in Jetbrains Ktor In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible | 7.5 |
2022-05-12 | CVE-2022-29930 | Use of Insufficiently Random Values vulnerability in Jetbrains Ktor 2.0.0 SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. | 4.9 |
2022-04-11 | CVE-2022-29035 | Use of Insufficiently Random Values vulnerability in Jetbrains Ktor In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations | 4.0 |
2021-11-09 | CVE-2021-43203 | Improper Authentication vulnerability in Jetbrains Ktor In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. | 5.0 |
2021-02-03 | CVE-2021-25763 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Jetbrains Ktor In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. | 5.0 |
2021-02-03 | CVE-2021-25762 | HTTP Request Smuggling vulnerability in Jetbrains Ktor In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. | 5.0 |
2021-02-03 | CVE-2021-25761 | Inadequate Encryption Strength vulnerability in Jetbrains Ktor In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. | 5.3 |