CVE-2022-38179Incomplete List of Disallowed Inputs in Ktor

CWE-184Incomplete List of Disallowed InputsCWE-697Incorrect Comparison4 documents4 sources
Severity
6.1MEDIUMNVD
CNA4.7
EPSS
0.0%
top 99.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jetbrains Ktor
Timeline
PublishedAug 12
Latest updateAug 13

Description

JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5jetbrains/ktor2.1.02.1.0
NVDjetbrains/ktor< 2.1.0

🔴Vulnerability Details

3
GHSA
JetBrains Ktor before 2.1.0 was vulnerable to a Reflect File Download attack2022-08-13
OSV
JetBrains Ktor before 2.1.0 was vulnerable to a Reflect File Download attack2022-08-13
CVEList
CVE-2022-38179: JetBrains Ktor before 22022-08-12
CVE-2022-38179 — Incomplete List of Disallowed Inputs | cvebase