GCVE - cpe:2.3:a:jetbrains:kotlin:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:jetbrains:kotlin:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Jetbrains (`b1b7db7a-bd16-5477-8e89-fb64c5636fcd`)
Product	Kotlin (`43aa7dfb-6ea8-5d2c-b38a-bcb528ab1227`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/jetbrains/kotlin`	purl2cpe	2026-06-01 10:11:31.043739
`pkg:jetbrains/kotlin`	purl2cpe	2026-06-01 10:11:31.043740

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-24329`	vulnerable	2026-06-08 05:41:00.159056	Details available In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. Published: 2022-02-25T14:35:03.000Z Updated: 2024-08-03T04:07:02.514Z Open on db.gcve.eu Reference links https://blog.jetbrains.com https://www.oracle.com/security-alerts/cpuapr2022.html https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/ https://www.oracle.com/security-alerts/cpujul2022.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-29582`	vulnerable	2026-06-08 05:24:58.481309	Details available In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. Published: 2021-02-03T15:20:28.000Z Updated: 2024-08-04T16:55:10.292Z Open on db.gcve.eu Reference links https://blog.jetbrains.com https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E https://www.oracle.com//security-alerts/cpujul2021.html https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/ https://www.oracle.com/security-alerts/cpujan2022.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10103`	vulnerable	2026-06-08 05:12:22.249544	Details available JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101. Published: 2019-07-03T00:00:00.000Z Updated: 2024-08-04T22:10:09.757Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/ https://security.netapp.com/advisory/ntap-20230818-0012/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10102`	vulnerable	2026-06-08 05:12:22.248178	Details available JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. Published: 2019-07-03T00:00:00.000Z Updated: 2024-08-04T22:10:09.352Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/ https://security.netapp.com/advisory/ntap-20230818-0012/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10101`	vulnerable	2026-06-08 05:12:22.247688	Details available JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. Published: 2019-07-03T00:00:00.000Z Updated: 2024-08-04T22:10:09.656Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/ https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb https://security.netapp.com/advisory/ntap-20230818-0012/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.