SHA1 Implementation Vulnerability in JetBrains Ktor Native 2.0.0
CVE-2022-29930

8.7HIGH

Key Information:

Vendor: Jetbrains
Status: Ktor
Vendor: CVE Published:; 12 May 2022

Summary

The SHA1 implementation in JetBrains Ktor Native version 2.0.0 had a flaw where it returned the same hash value for different inputs. This could potentially lead to security issues where unique data could be confused or misrepresented, compromising the integrity of applications relying on this hashing method. The issue has been addressed in Ktor version 2.0.1.

Affected Version(s)

Ktor 2.0.0

Ktor 2.0.1

References

https://www.jetbrains.com/privacy-security/issues-fixed/

x_refsource_MISC

https://github.com/ktorio/ktor/pull/2966

x_refsource_MISC

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 12, 2022
Vulnerability Reserved
Apr 29, 2022