HIGH✓ PATCH🇬🇧 English

CVE-2022-48476

CVSS 7.5v3.1pub. 2023-04-24upd. 2024-11-21

In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Jetbrains Ktor

    APP
    Jetbrains
    < 2.3.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2019-12736CRITICAL9.8ten sam produkt

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP prot...

CVE-2023-45612HIGH8.6ten sam produkt

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to X...

CVE-2022-29930HIGH8.7ten sam produkt

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor v...

CVE-2021-43203HIGH7.5ten sam produkt

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented imp...

CVE-2019-10102HIGH8.1ten sam produkt

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifact...