Vulnerability	Vulnerable Version
M Reflect File Download (RFD) Affected versions of this package are vulnerable to Reflect File Download (RFD) in the `io/ktor/http/ContentDisposition` and `io/ktor/http/HeaderValue` classes in `ktor-http.api`, which fail to encode the `Content-Disposition` filename parameter, allowing untrusted files to be downloaded. How to fix Reflect File Download (RFD)? Upgrade `io.ktor:ktor-utils` to version 2.1.0 or higher.	[,2.1.0)
H Predictable Exact Value from Previous Values Affected versions of this package are vulnerable to Predictable Exact Value from Previous Values in the SHA1 implementation, which was returning the same value after hashing. How to fix Predictable Exact Value from Previous Values? Upgrade `io.ktor:ktor-utils` to version 2.0.1 or higher.	[2.0.0,2.0.1)

Reflect File Download (RFD)

Affected versions of this package are vulnerable to Reflect File Download (RFD) in the io/ktor/http/ContentDisposition and io/ktor/http/HeaderValue classes in ktor-http.api, which fail to encode the Content-Disposition filename parameter, allowing untrusted files to be downloaded.

How to fix Reflect File Download (RFD)?

Upgrade io.ktor:ktor-utils to version 2.1.0 or higher.

[,2.1.0)

Predictable Exact Value from Previous Values

Affected versions of this package are vulnerable to Predictable Exact Value from Previous Values in the SHA1 implementation, which was returning the same value after hashing.

How to fix Predictable Exact Value from Previous Values?

Upgrade io.ktor:ktor-utils to version 2.0.1 or higher.

[2.0.0,2.0.1)

Go back to all versions of this package