Inclusion of Functionality from Untrusted Control Sphere in kotlin
CVE-2022-24329
- kotlin
- kotlin-1.2.0-beta
- kotlin-1.1.0-dev
- kotlin-1.1.2-dev
- kotlin-1.1.4-dev
- kotlin-1.3.60-dev
- kotlin-1.0.4-eap
- kotlin-1.1.4-eap
- kotlin-1.1.60-eap
- kotlin-1.2.20-eap
- kotlin-1.2.30-eap
- kotlin-1.2.40-eap
- kotlin-1.2.50-eap
- kotlin-1.2.60-eap
- kotlin-1.2.70-eap
- kotlin-1.3.20-eap
- kotlin-1.3.30-eap
- kotlin-1.3.40-eap
- kotlin-1.3.50-eap
- kotlin-1.3.60-eap
- kotlin-1.3.70-eap
- kotlin-1.2.0-rc
- kotlin-1.3.0-rc
- org.jetbrains.kotlin:kotlin-stdlib
- org.webjars.npm:kotlin
Summary
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Advisory Timeline
- Published
