In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure

In JetBrains Ktor before 2.3.5 server certificates were not verified

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE

Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue.

In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message

In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.

In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases

JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.