CVE-2021-25763
https://notcve.org/view.php?id=CVE-2021-25763
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
• https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-25761
https://notcve.org/view.php?id=CVE-2021-25761
In JetBrains Ktor before 1.5.0, a birthday attack on the SessionStorage key was possible.
• https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020
• CWE-326: Inadequate Encryption Strength
CVE-2020-26129
https://notcve.org/view.php?id=CVE-2020-26129
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
• https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020
• CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2020-5207 – Request smuggling is possible in Ktor when both chunked TE and content length specified
https://notcve.org/view.php?id=CVE-2020-5207
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a header separator.
• https://github.com/ktorio/ktor/pull/1547
• https://github.com/ktorio/ktor/security/advisories/GHSA-xrr9-rh8p-433v
• CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2019-19389
https://notcve.org/view.php?id=CVE-2019-19389
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
• https://gist.github.com/JLLeitschuh/6792947ed57d589b08c1cc8b666c7737
• https://github.com/ktorio/ktor/pull/1408
• https://twitter.com/JLLeitschuh/status/1210256191110230017?s=20
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')