CVE-2020-5207

ktorio/ktor

on github

Published

January 27, 2020

Severity

CVSS v3:

7.5 HIGH

CVSS v2:

5 MEDIUM

Description

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.

References

https://github.com/ktorio/ktor/security/advisories/GHSA-xrr9-rh8p-433v
https://github.com/ktorio/ktor/pull/1547

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:jetbrains:ktor::::::::	n/a	1.3.0	*

External Links

NVD - CVE-2020-5207