Homepage

io.ktor:ktor-client-cio@1.1.2 vulnerabilities

  • latest version

    3.0.3

  • latest non vulnerable version

    3.0.3

  • first published

    6 years ago

  • latest version published

    29 days ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the io.ktor:ktor-client-cio package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    HTTP Request Smuggling

    io.ktor:ktor-client-cio is a framework for quickly creating web applications in Kotlin with minimal effort.

    Affected versions of this package are vulnerable to HTTP Request Smuggling. Request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.

    How to fix HTTP Request Smuggling?

    Upgrade io.ktor:ktor-client-cio to version 1.3.0 or higher.

    [,1.3.0)
    Go back to all versions of this package