Jetbrains: >> Kotlin >> 1.3.20 Security Vulnerabilities
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
CVSS Score
5.3
EPSS Score
0.0
Published
2022-02-25
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-02-03
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.
CVSS Score
8.1
EPSS Score
0.0
Published
2019-07-03
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.
CVSS Score
8.1
EPSS Score
0.0
Published
2019-07-03
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.
CVSS Score
8.1
EPSS Score
0.0
Published
2019-07-03