CVE-2021-43203
- EPSS 0%
- Published 09.11.2021 15:15:10
- Last modified 21.11.2024 06:28:50
In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.
CVE-2021-25763
- EPSS 0%
- Published 03.02.2021 16:15:14
- Last modified 21.11.2024 05:55:23
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
CVE-2021-25762
- EPSS 0%
- Published 03.02.2021 16:15:14
- Last modified 21.11.2024 05:55:23
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
CVE-2021-25761
- EPSS 0%
- Published 03.02.2021 16:15:14
- Last modified 21.11.2024 05:55:23
In JetBrains Ktor before 1.5.0, a birthday attack on the SessionStorage key was possible.
CVE-2020-26129
- EPSS 0%
- Published 16.11.2020 16:15:14
- Last modified 21.11.2024 05:19:18
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
CVE-2020-5207
- EPSS 0%
- Published 27.01.2020 20:15:10
- Last modified 21.11.2024 05:33:40
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
CVE-2019-19389
- EPSS 0.01%
- Published 26.12.2019 21:15:11
- Last modified 21.11.2024 04:34:42
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
CVE-2019-19703
- EPSS 0%
- Published 10.12.2019 20:15:17
- Last modified 21.11.2024 04:35:13
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
CVE-2019-12737
- EPSS 0%
- Published 02.10.2019 19:15:14
- Last modified 21.11.2024 04:23:28
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
CVE-2019-12736
- EPSS 0.03%
- Published 02.10.2019 19:15:14
- Last modified 21.11.2024 04:23:28
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.