Reflect File Download Vulnerability in JetBrains Ktor
CVE-2022-38179

4.7MEDIUM

Key Information:

Vendor: Jetbrains
Status: Ktor
Vendor: CVE Published:; 12 August 2022

What is CVE-2022-38179?

JetBrains Ktor versions before 2.1.0 are susceptible to a Reflect File Download vulnerability. This issue allows malicious actors to access sensitive files through improper handling of reflection-based downloading. Users and developers are encouraged to update to the latest version to mitigate this risk. For further details and a list of fixed issues, refer to JetBrains' security updates.

Affected Version(s)

Ktor 2.1.0

References

https://www.jetbrains.com/privacy-security/issues-fixed/

x_refsource_MISC

https://github.com/ktorio/ktor/pull/3110

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2022
Vulnerability Reserved
Aug 12, 2022

Jetbrains

What is CVE-2022-38179?

Affected Version(s)

References

CVSS V3.1

Timeline