#VU22508 Input validation error in Kotlin Ktor - CVE-2019-12736 

 


Published: November 5, 2019


Vulnerability identifier: #VU22508
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-12736
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Kotlin Ktor
Software vendor:
JetBrains s.r.o.

Description

The vulnerability allows a remote attacker to inject arbitrary commands on the target system.

The vulnerability exists because the affected software does not sanitize the username supplied by the user for the LDAP protocol. A remote attacker can inject arbitrary commands on the target system.
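
One way to neutralise a user-supplied name before it reaches an LDAP bind DN or search filter, shown as an added example that is not Ktor's code or the vendor's fix. The function names, the DN template and the sample inputs are assumptions (the advisory does not say where the username is used); the escaping rules follow RFC 4514 and RFC 4515.

```kotlin
// Added example, not Ktor source code. All names and sample values are hypothetical.

/** Escapes a value for use inside a distinguished name (RFC 4514). */
fun escapeDnValue(value: String): String = buildString {
    value.forEachIndexed { i, c ->
        when {
            c == '\u0000' -> append("\\00")
            // Characters that separate or structure RDNs get a backslash prefix.
            c in "\"+,;<>\\=" -> append('\\').append(c)
            // '#' is only special at the start, a space only at either end.
            c == '#' && i == 0 -> append("\\#")
            c == ' ' && (i == 0 || i == value.lastIndex) -> append("\\ ")
            else -> append(c)
        }
    }
}

/** Escapes a value for use inside a search filter assertion (RFC 4515). */
fun escapeFilterValue(value: String): String = buildString {
    for (c in value) {
        when (c) {
            '\\' -> append("\\5c")
            '*' -> append("\\2a")
            '(' -> append("\\28")
            ')' -> append("\\29")
            '\u0000' -> append("\\00")
            else -> append(c)
        }
    }
}

fun main() {
    val template = "uid=%s,ou=people,dc=example,dc=org" // assumed bind DN template
    val username = "alice,ou=admins"                    // constructed input

    // Without escaping, the comma and '=' in the name become DN structure.
    println("raw DN:     " + template.format(username))
    // With escaping, the whole name stays inside the uid attribute value.
    println("escaped DN: " + template.format(escapeDnValue(username)))

    // Filter metacharacters in a constructed name are hex-escaped the same way.
    println("filter:     (uid=" + escapeFilterValue("j*(doe)") + ")")
}
```

The two contexts need different escaping, so the function must match where the value lands: `escapeDnValue` for a DN, `escapeFilterValue` for a search filter.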


Remediation

Install updates from vendor's website.
