GHSA-hccx-cg4v-hrjx

Source

https://github.com/advisories/GHSA-hccx-cg4v-hrjx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-hccx-cg4v-hrjx/GHSA-hccx-cg4v-hrjx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hccx-cg4v-hrjx

Aliases

CVE-2022-38180

Published

2022-08-13T00:00:43Z

Modified

2024-02-22T05:34:42.816726Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

JetBrain Ktor before 2.1.0 vulnerable to selection of wrong authentication provider

Details

In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases

Database specific

{
    "nvd_published_at": "2022-08-12T10:15:00Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-08-30T19:56:48Z"
}

References

Affected packages

Maven / io.ktor:ktor

Package

Name: io.ktor:ktor; View open source insights on deps.dev
Purl: pkg:maven/io.ktor/ktor

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.0

Affected versions

1.*

1.0.0-rc

1.0.0

1.0.1

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.2.0-rc

1.2.0-rc2

1.2.0

1.2.1

1.2.2

1.2.3-rc

1.2.3

1.2.4

1.2.5

1.2.6

1.3.0-rc

1.3.0-rc2

1.3.0

1.3.1

1.3.2-1.4.0-rc

1.4.0

1.4.1

1.4.2

1.4.3

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

2.*

2.0.0-beta-1

2.0.0-rc-1

2.0.0

2.0.1

2.0.2

2.0.3