Jetbrains Ktor

10 CVEs affecting Jetbrains Ktor. Latest disclosed: 2025-03-12. Critical: 0, High: 3.

Top CVEs affecting Jetbrains Ktor
CVE	Severity	Score	Published	Summary
`CVE-2022-29930`	High	`8.7`	2022-05-12	SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.
`CVE-2023-45612`	High	`8.6`	2023-10-09	In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
`CVE-2022-48476`	High	`7.5`	2023-04-24	In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
`CVE-2023-45613`	Medium	`6.8`	2023-10-09	In JetBrains Ktor before 2.3.5 server certificates were not verified
`CVE-2025-29904`	Medium	`5.3`	2025-03-12	In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible
`CVE-2024-49580`	Medium	`5.3`	2024-10-17	In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure
`CVE-2022-38180`	Medium	`5.3`	2022-08-12	In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases
`CVE-2022-38179`	Medium	`4.7`	2022-08-12	JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack
`CVE-2023-34339`	Low	`3.3`	2023-06-01	In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
`CVE-2022-29035`	Low	`3.3`	2022-04-11	In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations