Home > Vulnerability Database > CVE-2022-24329

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2022-24329

Good to know:

Date: February 25, 2022

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

Language: Java

Severity Score

5.3

Related Resources (8)

Url: https://blog.jetbrains.com

Url: https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-24329

Url: https://www.oracle.com/security-alerts/cpuapr2022.html

Url: https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/

Url: https://www.oracle.com/security-alerts/cpujul2022.html

Url: https://github.com/JetBrains/kotlin

Url: https://www.mend.io/vulnerability-database/CVE-2022-24329

Severity Score

5.3

Weakness Type (CWE)

Inclusion of Functionality from Untrusted Control Sphere

CWE-829

Improper Locking

CWE-667

Top Fix

Upgrade Version

Upgrade to version org.jetbrains.kotlin:kotlin-stdlib:1.6.0

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us