Skip to main content

Ktor CVE-2019-19389

MEDIUM
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2019-12-26 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 26, 2019 - 21:15 nvd
MEDIUM 5.4

DescriptionNVD

JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.

AnalysisAI

JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-74. JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. Affected products include: Jetbrains Ktor. Version information: version 1.2.6.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Ktor

View all
CVE-2019-19703 MEDIUM POC
6.1 Dec 10

In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. Rated medium s

CVE-2023-45612 CRITICAL
9.8 Oct 09

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE. Rated

CVE-2019-12736 CRITICAL
9.8 Oct 02

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, lead

CVE-2023-45613 CRITICAL
9.1 Oct 09

In JetBrains Ktor before 2.3.5 server certificates were not verified. Rated critical severity (CVSS 9.1), this vulnerabi

CVE-2019-10102 HIGH
8.1 Jul 03

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an

CVE-2021-43203 HIGH
7.5 Nov 09

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. R

CVE-2020-5207 HIGH
7.5 Jan 27

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and T

CVE-2022-38180 MEDIUM
6.5 Aug 12

In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases. Rated medium severity

CVE-2020-26129 MEDIUM
6.5 Nov 16

In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. Rated medium severity (CVSS 6.5), this vulnerabilit

CVE-2022-38179 MEDIUM
6.1 Aug 12

JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack. Rated medium severity (CVSS 6.1), this v

CVE-2025-29904 MEDIUM
5.3 Mar 12

In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible. Rated medium severity (CVSS 5.3), this vulnerabil

CVE-2024-49580 MEDIUM
5.3 Oct 17

In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure. Rate

Share

CVE-2019-19389 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy