HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2019-10102

CVSS 8.1v3.0pub. 2019-07-03upd. 2024-11-21

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Jetbrains Kotlin

    APP
    Jetbrains
    < 1.3.30
  • Jetbrains Ktor

    APP
    Jetbrains
    < 1.1.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2019-12736CRITICAL9.8ten sam produkt

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP prot...

CVE-2023-45612HIGH8.6ten sam produkt

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to X...

CVE-2022-48476HIGH7.5ten sam produkt

In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible

CVE-2022-29930HIGH8.7ten sam produkt

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor v...

CVE-2021-43203HIGH7.5ten sam produkt

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented imp...