Описание
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.30 (исключая)Версия до 1.1.0 (исключая)
Одно из
cpe:2.3:a:jetbrains:kotlin:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:ktor:*:*:*:*:*:*:*:*
EPSS
Процентиль: 0%
0.00003
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.
EPSS
Процентиль: 0%
0.00003
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-319