Note:
This project will be discontinued after December 13, 2021. [more]
2019-07-03
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.
| Products | Kotlin, Ktor |
| Type | Cleartext Transmission of Sensitive Information (CWE-319) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://security.netapp.com/advisory/ntap-20230818-0012/
• https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/ |