CVE-2025-29904
- EPSS 0%
- Published 12.03.2025 12:36:15
- Last modified 02.10.2025 15:49:13
In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible
CVE-2024-49580
- EPSS 0%
- Published 17.10.2024 13:15:14
- Last modified 06.12.2024 14:15:20
In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure
CVE-2023-45613
- EPSS 0.01%
- Published 09.10.2023 11:15:11
- Last modified 21.11.2024 08:27:03
In JetBrains Ktor before 2.3.5 server certificates were not verified
CVE-2023-45612
- EPSS 0%
- Published 09.10.2023 11:15:11
- Last modified 21.11.2024 08:27:03
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
CVE-2023-34339
- EPSS 0%
- Published 01.06.2023 19:15:09
- Last modified 21.11.2024 08:07:02
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
CVE-2022-48476
- EPSS 0%
- Published 24.04.2023 13:15:07
- Last modified 21.11.2024 07:33:24
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
CVE-2022-38180
- EPSS 0%
- Published 12.08.2022 10:15:28
- Last modified 21.11.2024 07:15:57
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases
CVE-2022-38179
- EPSS 0%
- Published 12.08.2022 10:15:28
- Last modified 21.11.2024 07:15:56
JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack
CVE-2022-29930
- EPSS 0%
- Published 12.05.2022 09:15:14
- Last modified 21.11.2024 06:59:59
SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.
- EPSS 0%
- Published 11.04.2022 19:15:08
- Last modified 21.11.2024 06:58:22
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations