CVE-2022-24329: Improper Locking in JetBrains Kotlin

February 26, 2022 (updated October 29, 2024)

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

References

blog.jetbrains.com/
blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021
github.com/JetBrains/kotlin
github.com/advisories/GHSA-2qp4-g3q3-f92w
nvd.nist.gov/vuln/detail/CVE-2022-24329
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujul2022.html

Code Behaviors & Features

Detect and mitigate CVE-2022-24329 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →