JetBrains Ktor HTTP Request Smuggling Vulnerability

Vulnerability

A vulnerability allowing HTTP request smuggling was identified in JetBrains Ktor versions prior to 3.1.1. This type of vulnerability can be exploited by manipulating the way HTTP requests are processed, potentially leading to desynchronization between the client and server. As a result, an attacker could smuggle a request that is interpreted differently by the server, bypassing security controls or causing unintended actions.

Impact

Exploitation of this vulnerability could lead to HTTP request smuggling, allowing attackers to interfere with the way requests are processed by the server. This could be used to bypass security measures, manipulate session data, or cause other unintended effects on the application or its users.

Remediation

Users can update to JetBrains Ktor version 3.1.1 or later to address this vulnerability.
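To confirm which version a build actually resolves, the Gradle dependency report can be checked against the 3.1.1 threshold. The script below is an added example, not JetBrains or Ktor code; the sample report is constructed, and flagging every `io.ktor` module and treating 3.1.1 pre-releases as unfixed are assumptions, since the advisory does not name the affected modules.

```python
import re

FIXED = (3, 1, 1)  # first fixed Ktor release according to the advisory

# Coordinates as printed by `gradle dependencies`:
#   io.ktor:ktor-server-core:2.3.7            declared version
#   io.ktor:ktor-server-core:2.3.7 -> 3.1.1   upgraded by conflict resolution
#   io.ktor:ktor-server-netty -> 3.0.3        version supplied by a BOM/constraint
COORD = re.compile(r"(io\.ktor:[\w.\-]+)(?::([\w.\-+]+))?(?:\s*->\s*([\w.\-+]+))?")

# Constructed sample report (not taken from a real project).
SAMPLE_REPORT = r"""
+--- io.ktor:ktor-server-core:2.3.7 -> 3.1.1
+--- io.ktor:ktor-server-netty -> 3.0.3
+--- io.ktor:ktor-client-cio:3.1.0 (*)
+--- io.ktor:ktor-server-auth:3.1.1
\--- org.slf4j:slf4j-api:2.0.9
"""

def parse_version(text):
    """Return ((major, minor, patch), has_suffix), or None if not numeric."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups()[:3]), bool(m.group(4))

def is_affected(version):
    parsed = parse_version(version)
    if parsed is None:
        return True  # unparseable version: flag it for manual review
    nums, has_suffix = parsed
    # Numeric tuple comparison, so 3.10.0 is correctly newer than 3.1.1.
    # Assumption: a pre-release such as 3.1.1-eap-1 counts as unfixed.
    return nums < FIXED or (nums == FIXED and has_suffix)

def find_affected(report):
    """Map each io.ktor module to its resolved version when that is below 3.1.1."""
    hits = {}
    for line in report.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        module, declared, resolved = m.groups()
        effective = resolved or declared  # the version after '->' is what ships
        if effective and is_affected(effective):
            hits[module] = effective
    return hits

if __name__ == "__main__":
    for module, version in find_affected(SAMPLE_REPORT).items():
        print(f"{module} resolves to {version}, below 3.1.1")
```

Feed it the real report by passing the text output of the project's Gradle dependency report to `find_affected`.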

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 3.8
exploitability: 7.6
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.