Vulnerabilities > Jetbrains > Ktor

DATE CVE VULNERABILITY TITLE RISK
2021-02-03 CVE-2021-25763 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
network
low complexity
jetbrains CWE-327
5.3
2021-02-03 CVE-2021-25762 HTTP Request Smuggling vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
network
low complexity
jetbrains CWE-444
5.3
2021-02-03 CVE-2021-25761 Inadequate Encryption Strength vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
network
low complexity
jetbrains CWE-326
5.3
2020-11-16 CVE-2020-26129 HTTP Request Smuggling vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
network
low complexity
jetbrains CWE-444
6.5
2020-01-27 CVE-2020-5207 HTTP Request Smuggling vulnerability in Jetbrains Ktor
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
network
low complexity
jetbrains CWE-444
7.5
2019-12-26 CVE-2019-19389 Injection vulnerability in Jetbrains Ktor
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
network
low complexity
jetbrains CWE-74
5.4
2019-12-10 CVE-2019-19703 Open Redirect vulnerability in Jetbrains Ktor
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
network
low complexity
jetbrains CWE-601
6.1
2019-10-02 CVE-2019-12737 Use of Password Hash With Insufficient Computational Effort vulnerability in Jetbrains Ktor
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
network
low complexity
jetbrains CWE-916
5.3
2019-10-02 CVE-2019-12736 Command Injection vulnerability in Jetbrains Ktor
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.
network
low complexity
jetbrains CWE-77
critical
9.8
2019-07-03 CVE-2019-10102 Cleartext Transmission of Sensitive Information vulnerability in Jetbrains Kotlin and Ktor
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.
network
high complexity
jetbrains CWE-319
8.1