JetBrains Ktor 0.9.4 Dev3

CPE Details

JetBrains Ktor 0.9.4 Dev3
jetbrains
ktor
0.9.4
2019-10-03
14h23 +00:00
2019-10-03
14h23 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:jetbrains:ktor:0.9.4:dev3:*:*:*:*:*:*

Informations

Vendor

jetbrains

Product

ktor

Version

0.9.4

Update

dev3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-49580 2024-10-17 13h00 +00:00 In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure
5.3
Moyen
CVE-2023-45613 2023-10-09 10h20 +00:00 In JetBrains Ktor before 2.3.5 server certificates were not verified
9.1
Critique
CVE-2023-45612 2023-10-09 10h20 +00:00 In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
9.8
Critique
CVE-2023-34339 2023-06-01 18h12 +00:00 In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
3.3
Bas
CVE-2022-48476 2023-04-24 12h21 +00:00 In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
7.5
Haute
CVE-2022-38180 2022-08-12 07h55 +00:00 In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases
6.5
Moyen
CVE-2022-38179 2022-08-12 07h55 +00:00 JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack
6.1
Moyen
CVE-2022-29035 2022-04-11 16h12 +00:00 In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations
3.3
Bas
CVE-2021-43203 2021-11-09 13h52 +00:00 In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.
7.5
Haute
CVE-2021-25762 2021-02-03 14h24 +00:00 In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
5.3
Moyen
CVE-2021-25763 2021-02-03 14h22 +00:00 In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
5.3
Moyen
CVE-2021-25761 2021-02-03 14h21 +00:00 In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
5.3
Moyen
CVE-2020-26129 2020-11-16 14h09 +00:00 In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
6.5
Moyen
CVE-2020-5207 2020-01-27 18h30 +00:00 In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
7.5
Haute
CVE-2019-19389 2019-12-26 19h15 +00:00 JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
5.4
Moyen
CVE-2019-19703 2019-12-10 18h43 +00:00 In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
6.1
Moyen
CVE-2019-12736 2019-10-02 16h48 +00:00 JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.
9.8
Critique
CVE-2019-12737 2019-10-02 16h47 +00:00 UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
5.3
Moyen
CVE-2019-10102 2019-07-02 22h00 +00:00 JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.
8.1
Haute