CVE-2023-45612XML External Entity (XXE) Injection in Ktor

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
9.8CRITICALNVD
CNA8.6
EPSS
0.0%
top 99.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jetbrains Ktor
Timeline
PublishedOct 9

Description

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5jetbrains/ktor< 2.3.5
NVDjetbrains/ktor< 2.3.5

Patches

Patch: www.jetbrains.comPatch: www.jetbrains.com

🔴Vulnerability Details

2
CVEList
CVE-2023-45612: In JetBrains Ktor before 22023-10-09
GHSA
GHSA-q42m-mp58-hxv5: In JetBrains Ktor before 22023-10-09
CVE-2023-45612 — XML External Entity (XXE) Injection | cvebase