Vulnerability Details : CVE-2022-38179
JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack
Exploit prediction scoring system (EPSS) score for CVE-2022-38179
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 28 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-38179
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
4.7
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
1.6
|
2.7
|
[email protected] |
|
6.1
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
[email protected] |
CWE ids for CVE-2022-38179
-
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.Assigned by: [email protected] (Secondary)
-
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.Assigned by: [email protected] (Primary)
References for CVE-2022-38179
-
https://www.jetbrains.com/privacy-security/issues-fixed/
Vendor Advisory
-
https://github.com/ktorio/ktor/pull/3110
Third Party Advisory
Products affected by CVE-2022-38179
- cpe:2.3:a:jetbrains:ktor:*:*:*:*:*:*:*:*