Vulnerability in Jetbrains Ktor
CVE-2022-29930
SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.
EPSS: 0.000 (0.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N.
Affected products
- Jetbrains Ktor — versions 2.0.0, 2.0.1
Weakness classification (CWE)
References
- www.jetbrains.com/privacy-security/issues-fixed/ (x_refsource_MISC)
- github.com/ktorio/ktor/pull/2966 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-29930?
- CVE-2022-29930 is a high-severity vulnerability in Jetbrains Ktor, classified under CWE-342. CVSS score: 8.7/10. Published 2022-05-12.
- How severe is CVE-2022-29930?
- High severity. CVSS v3 base score is 8.7 out of 10.