Vulnerabilities > Jetbrains > Ktor > 1.6.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-09 | CVE-2023-45612 | XXE vulnerability in Jetbrains Ktor In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE | 9.8 |
2023-10-09 | CVE-2023-45613 | Improper Certificate Validation vulnerability in Jetbrains Ktor In JetBrains Ktor before 2.3.5 server certificates were not verified | 9.1 |
2023-06-01 | CVE-2023-34339 | Information Exposure Through an Error Message vulnerability in Jetbrains Ktor In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message | 3.3 |
2023-04-24 | CVE-2022-48476 | Path Traversal vulnerability in Jetbrains Ktor In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible | 7.5 |
2022-04-11 | CVE-2022-29035 | Use of Insufficiently Random Values vulnerability in Jetbrains Ktor In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations | 4.0 |
2021-11-09 | CVE-2021-43203 | Improper Authentication vulnerability in Jetbrains Ktor In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. | 5.0 |