Vulnerabilities > Jetbrains > Ktor > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-12 CVE-2022-29930 Use of Insufficiently Random Values vulnerability in Jetbrains Ktor 2.0.0
SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value.
network
low complexity
jetbrains CWE-330
4.9
2022-04-11 CVE-2022-29035 Use of Insufficiently Random Values vulnerability in Jetbrains Ktor
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations
network
low complexity
jetbrains CWE-330
4.0
2021-11-09 CVE-2021-43203 Improper Authentication vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.
network
low complexity
jetbrains CWE-287
5.0
2021-02-03 CVE-2021-25763 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
network
low complexity
jetbrains CWE-327
5.0
2021-02-03 CVE-2021-25762 HTTP Request Smuggling vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
network
low complexity
jetbrains CWE-444
5.0
2021-02-03 CVE-2021-25761 Inadequate Encryption Strength vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
network
low complexity
jetbrains CWE-326
5.3
2020-11-16 CVE-2020-26129 HTTP Request Smuggling vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
network
low complexity
jetbrains CWE-444
6.4
2020-01-27 CVE-2020-5207 HTTP Request Smuggling vulnerability in Jetbrains Ktor
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
network
low complexity
jetbrains CWE-444
5.0
2019-12-10 CVE-2019-19703 Open Redirect vulnerability in Jetbrains Ktor
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
network
jetbrains CWE-601
5.8
2019-10-02 CVE-2019-12737 Use of Password Hash With Insufficient Computational Effort vulnerability in Jetbrains Ktor
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
network
low complexity
jetbrains CWE-916
5.0