
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Oct 2024 — In JetBrains Ktor before 3.0.0 improper caching in HttpCache Plugin could lead to response information disclosure. In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-524: Use of Cache Containing Sensitive Information

CVSS: 9.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Oct 2023 — In JetBrains Ktor before 2.3.5 server certificates were not verified. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-295: Improper Certificate Validation

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Oct 2023 — In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jun 2023 — In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Apr 2023 — In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'); CWE-35: Path Traversal: '.../

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Aug 2022 — In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases. • https://github.com/ktorio/ktor/pull/3092 • CWE-287: Improper Authentication

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Aug 2022 — JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack. • https://github.com/ktorio/ktor/pull/3110 • CWE-184: Incomplete List of Disallowed Inputs; CWE-697: Incorrect Comparison

CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 May 2022 — SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1. • https://github.com/ktorio/ktor/pull/2966 • CWE-330: Use of Insufficiently Random Values; CWE-342: Predictable Exact Value from Previous Values

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Apr 2022 — In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations. • https://github.com/ktorio/ktor/pull/2776 • CWE-330: Use of Insufficiently Random Values

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Nov 2021 — In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. • https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021 • CWE-287: Improper Authentication