CVE-2022-29035Use of Insufficiently Random Values in Ktor

CWE-330Use of Insufficiently Random Values3 documents3 sources
Severity
2.7LOWNVD
CNA3.3
EPSS
0.0%
top 99.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jetbrains Ktor
Timeline
PublishedApr 11
Latest updateApr 12

Description

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

CVEListV5jetbrains/ktor2.0.02.0.0
NVDjetbrains/ktor< 2.0.0

Patches

Patch: github.comPatch: www.jetbrains.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-wh3j-424q-cvpj: In JetBrains Ktor Native before version 22022-04-12
CVEList
CVE-2022-29035: In JetBrains Ktor Native before version 22022-04-11
CVE-2022-29035 — Use of Insufficiently Random Values | cvebase