CVE-2024-49580: JetBrains Ktor information disclosure
(updated )
Improper caching in JetBrains Ktor before 3.0.0 in the HttpCache Plugin could lead to response information disclosure.
References
- github.com/advisories/GHSA-8qv4-773j-c979
- github.com/ktorio/ktor
- github.com/ktorio/ktor/commit/0665736fc35c8ab5525241e975f36819b67f9d3e
- github.com/ktorio/ktor/commit/d6c3a51df169c163e8f0b9ce77bbe543c70116ac
- github.com/ktorio/ktor/pull/4337
- github.com/ktorio/ktor/pull/4368
- github.com/ktorio/ktor/releases/tag/2.3.13
- nvd.nist.gov/vuln/detail/CVE-2024-49580
- www.jetbrains.com/privacy-security/issues-fixed
- youtrack.jetbrains.com/issue/KTOR-7483
Code Behaviors & Features
Detect and mitigate CVE-2024-49580 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →