Описание
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) in Ktor
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-19389
- https://github.com/ktorio/ktor/pull/1408
- https://github.com/ktorio/ktor/pull/1408/files/b6fbd47a09292e07a0fb09a5268c881172285a12#diff-20d6913e40cb2ce736c98e4fae333379
- https://blog.jetbrains.com
- https://gist.github.com/JLLeitschuh/6792947ed57d589b08c1cc8b666c7737
- https://twitter.com/JLLeitschuh/status/1210256191110230017?s=20
EPSS
Процентиль: 0%
0.00005
Низкий
CVE ID
Связанные уязвимости
CVSS3: 5.4
nvd
около 6 лет назад
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
EPSS
Процентиль: 0%
0.00005
Низкий