Jetbrains Kotlin vulnerabilities

6 known vulnerabilities affecting jetbrains/kotlin.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2022-24329MEDIUMCVSS 5.3fixed in 1.6.02022-02-25
CVE-2022-24329 [MEDIUM] CWE-829 CVE-2022-24329: In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
nvd
CVE-2020-29582MEDIUMCVSS 5.3fixed in 2.1.02021-02-03
CVE-2020-29582 [MEDIUM] CWE-276 CVE-2020-29582: In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder crea In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
nvd
CVE-2020-15824HIGHCVSS 8.8v1.4.02020-08-08
CVE-2020-15824 [HIGH] CWE-269 CVE-2020-15824: In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed vers In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
nvd
CVE-2019-10103HIGHCVSS 8.1fixed in 1.3.302019-07-03
CVE-2019-10103 [HIGH] CVE-2019-10103: JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were r JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.
nvd
CVE-2019-10101HIGHCVSS 8.1fixed in 1.3.302019-07-03
CVE-2019-10101 [HIGH] CWE-319 CVE-2019-10101: JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.
nvd
CVE-2019-10102HIGHCVSS 8.1fixed in 1.3.302019-07-03
CVE-2019-10102 [HIGH] CWE-319 CVE-2019-10102: JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolvin JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.
nvd