#VU60367 Security features bypass in Kotlin
Vulnerability identifier: #VU60367
Vulnerability risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-254
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Kotlin
Universal components / Libraries /
Programming Languages & Components
Vendor: JetBrains s.r.o.
Description
The vulnerability allows a remote user to bypass certain security restrictions.
The vulnerability exists due to unspecified error, related to the ability to lock dependencies for Kotlin Multiplatform Gradle projects.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Kotlin: 1.5.0 - 1.5.32
External links
http://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
