CVEInsight.

CVE data sourced from NVD / NIST & public disclosures.

jetbrains

ktor

21 known vulnerabilities · sorted by CVSS score

CVE-2019-12736
CRITICAL 9.8

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.

jetbrains / ktor
Network
Published Oct 2, 2019
CVE-2022-29930
HIGH 8.7

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.

jetbrains / ktor
Network
Published May 12, 2022
CVE-2023-45612
HIGH 8.6

In JetBrains Ktor before 2.3.5, the default configuration of ContentNegotiation with XML format was vulnerable to XXE.

jetbrains / ktor
Network
Published Oct 9, 2023
CVE-2019-10102
HIGH 8.1

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.

jetbrains / kotlin+1
Network
Published Jul 3, 2019
CVE-2022-48476
HIGH 7.5

In JetBrains Ktor before 2.3.0, path traversal in the `resolveResource` method was possible.

jetbrains / ktor
Network
Published Apr 24, 2023
CVE-2021-43203
HIGH 7.5

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.

jetbrains / ktor
Network
Published Nov 9, 2021
CVE-2023-45613
MEDIUM 6.8

In JetBrains Ktor before 2.3.5, server certificates were not verified.

jetbrains / ktor
Network
Published Oct 9, 2023
CVE-2020-26129
MEDIUM 6.5

In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.

jetbrains / ktor
Network
Published Nov 16, 2020
CVE-2019-19703
MEDIUM 6.1

In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.

jetbrains / ktor
Network
Published Dec 10, 2019
CVE-2020-5207
MEDIUM 5.4

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.

jetbrains / ktor
Network
Published Jan 27, 2020
CVE-2019-19389
MEDIUM 5.4

JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.

jetbrains / ktor
Network
Published Dec 26, 2019
CVE-2021-25761
MEDIUM 5.3

In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.

jetbrains / ktor
Network
Published Feb 3, 2021
CVE-2025-29904
MEDIUM 5.3

In JetBrains Ktor before 3.1.1, HTTP Request Smuggling was possible.

jetbrains / ktor
Network
Published Mar 12, 2025
CVE-2021-25763
MEDIUM 5.3

In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.

jetbrains / ktor
Network
Published Feb 3, 2021
CVE-2024-49580
MEDIUM 5.3

In JetBrains Ktor before 2.3.13, improper caching in the HttpCache plugin could lead to response information disclosure.

jetbrains / ktor
Network
Published Oct 17, 2024
CVE-2022-38180
MEDIUM 5.3

In JetBrains Ktor before 2.1.0, the wrong authentication provider could be selected in some cases.

jetbrains / ktor
Network
Published Aug 12, 2022
CVE-2019-12737
MEDIUM 5.3

UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.

jetbrains / ktor+1
Network
Published Oct 2, 2019
CVE-2021-25762
MEDIUM 5.3

In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.

jetbrains / ktor
Network
Published Feb 3, 2021
CVE-2022-38179
MEDIUM 4.7

JetBrains Ktor before 2.1.0 was vulnerable to the Reflected File Download attack.

jetbrains / ktor
Network
Published Aug 12, 2022
CVE-2023-34339
LOW 3.3

In JetBrains Ktor before 2.3.1, headers containing authentication data could be added to the exception's message.

jetbrains / ktor
Local
Published Jun 1, 2023