CVE-2022-24329 — Inclusion of Functionality from Untrusted Control Sphere in Kotlin

CWE-829 — Inclusion of Functionality from Untrusted Control Sphere CWE-667 — Improper Locking13 documents7 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 99.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jetbrains Kotlin Oracle Communications Cloud Native Core Binding Support Function Oracle Communications Pricing Design Center

Timeline

PublishedFeb 25

Latest updateOct 15

Description

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDjetbrains/kotlin< 1.6.0

▶NVDoracle/communications_pricing_design_center12.0.0.4, 12.0.0.5+1

▶NVDoracle/communications_cloud_native_core_binding_support_function22.1.3

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

Improper Locking in JetBrains Kotlin↗2022-02-26

▶

OSV

Improper Locking in JetBrains Kotlin↗2022-02-26

▶

CVEList

CVE-2022-24329: In JetBrains Kotlin before 1↗2022-02-25

▶

OSV

CVE-2022-24329: In JetBrains Kotlin before 1↗2022-02-25

▶

📋Vendor Advisories

Oracle

Oracle Oracle Insurance Applications Risk Matrix: EWPS (JetBrains Kotlin) — CVE-2022-24329↗2025-10-15

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Third Party (JetBrains Kotlin) — CVE-2022-24329↗2024-04-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: Install/Upgrade (JetBrains Kotlin) — CVE-2022-24329↗2023-10-15

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Majel Mobile Service (Kotlin) — CVE-2022-24329↗2023-01-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: BSF (JetBrains Kotlin) — CVE-2022-24329↗2022-07-15

▶