CVE-2019-19703 — Open Redirect in Ktor

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 99.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 10

Latest updateFeb 12

Description

In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

GHSA

URL Redirection to Untrusted Site (Open Redirect) in Ktor↗2020-02-12

▶

OSV

URL Redirection to Untrusted Site (Open Redirect) in Ktor↗2020-02-12

▶

CVEList

CVE-2019-19703: In Ktor through 1↗2019-12-10

▶