SHA1 Implementation Vulnerability in JetBrains Ktor Native 2.0.0
CVE-2022-29930

8.7HIGH

Key Information:

Vendor: Jetbrains
Status: Ktor
Vendor: CVE Published:; 12 May 2022

What is CVE-2022-29930?

The SHA1 implementation in JetBrains Ktor Native version 2.0.0 had a flaw where it returned the same hash value for different inputs. This could potentially lead to security issues where unique data could be confused or misrepresented, compromising the integrity of applications relying on this hashing method. The issue has been addressed in Ktor version 2.0.1.

Affected Version(s)

Ktor 2.0.0

Ktor 2.0.1

References

https://www.jetbrains.com/privacy-security/issues-fixed/

x_refsource_MISC

https://github.com/ktorio/ktor/pull/2966

x_refsource_MISC

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2022
Vulnerability Reserved
Apr 29, 2022

Jetbrains

What is CVE-2022-29930?

Affected Version(s)

References

CVSS V3.1

Timeline