RSS   Vulnerabilities for 'Kotlin'   RSS

2021-02-03
 
CVE-2020-29582

CWE-276
 

 
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.

 
2020-08-08
 
CVE-2020-15824

CWE-269
 

 
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.70 is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.

 
2019-07-03
 
CVE-2019-10103

CWE-20
 

 
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.

 
 
CVE-2019-10102

CWE-20
 

 
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.

 
 
CVE-2019-10101

CWE-310
 

 
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.

 

 >>> Vendor: Jetbrains 20 Products
Teamcity
Intellij idea
Dotpeek
Resharper ultimate
Youtrack integration
HUB
Youtrack
Kotlin
KTOR
Toolbox
Rider
VIM
Pycharm
Upsource
Resharper
Idetalk
Scala
Space
Goland
Phpstorm


Copyright 2021, cxsecurity.com

 

Back to Top