ktorio/ktor

ktorio/ktor

Releases186

Frequency2 weeks 6 days

Last Release 21 days ago

Stars14.4K

Framework for quickly creating connected applications in Kotlin with minimal effort

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-38179 ↗	Aug 12, 2022Friday, 12 August 2022, 10:15	4.7 MEDIUM	—
JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack
CVE-2022-38180 ↗	Aug 12, 2022Friday, 12 August 2022, 10:15	5.3 MEDIUM	—
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases
CVE-2022-29930 ↗	May 12, 2022Thursday, 12 May 2022, 09:15	8.7 HIGH	4 MEDIUM
SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.
CVE-2022-29035 ↗	Apr 11, 2022Monday, 11 April 2022, 19:15	3.3 LOW	4 MEDIUM
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations
CVE-2020-5207 ↗	Jan 27, 2020Monday, 27 January 2020, 20:15	5.4 MEDIUM	5 MEDIUM
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
CVE-2019-19389 ↗	Dec 26, 2019Thursday, 26 December 2019, 21:15	5.4 MEDIUM	3.5 LOW
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
CVE-2019-19703 ↗	Dec 10, 2019Tuesday, 10 December 2019, 20:15	6.1 MEDIUM	5.8 MEDIUM
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.