jetbrains ktor

21 known vulnerabilities across versions
Vulnerabilities are listed by affected version.

| CVE | Affected versions | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2025-29904 | < 3.1.1 | In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible | 5.3 | MEDIUM |
| CVE-2024-49580 | < 3.0.0 | In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure | 5.3 | MEDIUM |
| CVE-2023-45613 | < 2.3.5 | In JetBrains Ktor before 2.3.5 server certificates were not verified | 6.8 | MEDIUM |
| CVE-2023-45612 | < 2.3.5 | In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE | 8.6 | HIGH |
| CVE-2023-34339 | < 2.3.1 | In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message | 3.3 | LOW |
| CVE-2022-48476 | < 2.3.0 | In JetBrains Ktor before 2.3.0 path traversal in the resolveResource method was possible | 7.5 | HIGH |
| CVE-2022-38180 | < 2.1.0 | In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases | 5.3 | MEDIUM |
| CVE-2022-38179 | < 2.1.0 | JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack | 4.7 | MEDIUM |
| CVE-2022-29930 | all versions | SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1. | 8.7 | HIGH |
| CVE-2022-29035 | < 2.0.0 | In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations | 3.3 | LOW |
| CVE-2021-43203 | < 1.6.4 | In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. | 7.5 | HIGH |
| CVE-2021-25763 | < 1.4.2 | In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. | 5.3 | MEDIUM |
| CVE-2021-25762 | < 1.4.3 | In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. | 5.3 | MEDIUM |
| CVE-2021-25761 | < 1.5.0 | In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. | 5.3 | MEDIUM |
| CVE-2020-26129 | < 1.4.1 | In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. | 6.5 | MEDIUM |
| CVE-2020-5207 | < 1.3.0 | In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-En | 5.4 | MEDIUM |
| CVE-2019-19389 | < 1.2.6 | JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. | 5.4 | MEDIUM |
| CVE-2019-19703 | <= 1.2.6 | In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. | 6.1 | MEDIUM |
| CVE-2019-12737 | <= 1.1.5 | UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user crede | 5.3 | MEDIUM |
| CVE-2019-12736 | <= 1.1.5 | JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to com | 9.8 | CRITICAL |
| CVE-2019-10102 | < 1.1.0 | JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http conn | 8.1 | HIGH |

threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin