CVE-2019-19389Injection in Ktor

CWE-74Injection3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.0%
top 99.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jetbrains Ktor
Timeline
PublishedDec 26
Latest updateMay 24

Description

JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

NVDjetbrains/ktor< 1.2.6

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) in Ktor2022-05-24
CVEList
CVE-2019-19389: JetBrains Ktor framework before version 12019-12-26
CVE-2019-19389 — Injection in Jetbrains Ktor | cvebase