Jetbrains: >> Ktor Security Vulnerabilities
In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure
CVSS Score
5.3
EPSS Score
0.0
Published
2024-10-17
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
CVSS Score
8.6
EPSS Score
0.0
Published
2023-10-09
In JetBrains Ktor before 2.3.5 server certificates were not verified
CVSS Score
6.8
EPSS Score
0.0
Published
2023-10-09
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
CVSS Score
3.3
EPSS Score
0.0
Published
2023-06-01
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
CVSS Score
7.5
EPSS Score
0.0
Published
2023-04-24
JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack
CVSS Score
4.7
EPSS Score
0.0
Published
2022-08-12
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases
CVSS Score
5.3
EPSS Score
0.0
Published
2022-08-12
SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.
CVSS Score
8.7
EPSS Score
0.0
Published
2022-05-12
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations
CVSS Score
3.3
EPSS Score
0.0
Published
2022-04-11
In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.
CVSS Score
7.5
EPSS Score
0.0
Published
2021-11-09
Page 1