HTTP Request Smuggling Vulnerability in JetBrains Ktor
CVE-2020-26129

6.5MEDIUM

Key Information:

Vendor: Jetbrains
Status: Ktor
Vendor: CVE Published:; 16 November 2020

What is CVE-2020-26129?

In JetBrains Ktor prior to version 1.4.1, a security issue allows for HTTP request smuggling, potentially enabling attackers to manipulate the behavior of web applications. This vulnerability could be exploited to bypass security controls and achieve unauthorized access to sensitive data. Users of affected Ktor versions are advised to upgrade to avoid potential risks.

References

https://blog.jetbrains.com

x_refsource_MISC

https://blog.jetbrains.com/2020/11/16/jetbrains-security-...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 16, 2020
Vulnerability Reserved
Sep 28, 2020

Jetbrains

What is CVE-2020-26129?

References

CVSS V3.1

Timeline