Ktor

ktor

Vendor: Jetbrains • 21 CVEs

CVEs (21)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-29904 1Jetbrains 1Ktor Oct 2, 2025 Mar 12, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible
CVE-2024-49580 1Jetbrains 1Ktor Dec 6, 2024 Oct 17, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure
CVE-2023-45613 1Jetbrains 1Ktor Nov 21, 2024 Oct 9, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 In JetBrains Ktor before 2.3.5 server certificates were not verified
CVE-2023-45612 1Jetbrains 1Ktor Nov 21, 2024 Oct 9, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
CVE-2023-34339 1Jetbrains 1Ktor Nov 21, 2024 Jun 1, 2023 N/A· v4 3.3 LOW· v3 N/A· v2 In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
CVE-2022-48476 1Jetbrains 1Ktor Nov 21, 2024 Apr 24, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
CVE-2022-38180 1Jetbrains 1Ktor Nov 21, 2024 Aug 12, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases
CVE-2022-38179 1Jetbrains 1Ktor Nov 21, 2024 Aug 12, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack
CVE-2022-29930 1Jetbrains 1Ktor Nov 21, 2024 May 12, 2022 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.
CVE-2022-29035 1Jetbrains 1Ktor Nov 21, 2024 Apr 11, 2022 N/A· v4 2.7 LOW· v3 4.0 MEDIUM· v2 In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations
CVE-2021-43203 1Jetbrains 1Ktor Nov 21, 2024 Nov 9, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.
CVE-2021-25763 1Jetbrains 1Ktor Nov 21, 2024 Feb 3, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
CVE-2021-25762 1Jetbrains 1Ktor Nov 21, 2024 Feb 3, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
CVE-2021-25761 1Jetbrains 1Ktor Nov 21, 2024 Feb 3, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
CVE-2020-26129 1Jetbrains 1Ktor Nov 21, 2024 Nov 16, 2020 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
CVE-2020-5207 1Jetbrains 1Ktor Nov 21, 2024 Jan 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
CVE-2019-19389 1Jetbrains 1Ktor Nov 21, 2024 Dec 26, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
CVE-2019-19703 1Jetbrains 1Ktor Nov 21, 2024 Dec 10, 2019 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
CVE-2019-12737 1Jetbrains 1Ktor Nov 21, 2024 Oct 2, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
CVE-2019-12736 1Jetbrains 1Ktor Nov 21, 2024 Oct 2, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.

12 Next