configcat / kotlin-sdk

ConfigCat SDK for Kotlin Multiplatform. ConfigCat is a hosted feature flag service: https://configcat.com. Manage feature toggles across frontend, backend, mobile, desktop apps. Alternative to LaunchDarkly. Management app + feature flag SDKs.
https://configcat.com/docs/sdk-reference/kotlin
MIT License

CVE-2024-49580 #40

Closed (toplac closed 1 week ago)

toplac commented 1 month ago

We have an automated vulnerability check in our build pipelines. They started failing on Monday due to the above CVE in ktor-client. The issue is fixed in version 3.0.0.

See the following advisories

Do you plan to upgrade to version 3.0.0?

z4kn4fein commented 1 month ago

Hi @toplac, thank you for reaching out! If I'm not mistaken, this vulnerability is related to ktor's HttpCache plugin, which we don't use in our SDK. Yes, we'll upgrade ktor to 3.0.0 eventually.

toplac commented 4 weeks ago

@z4kn4fein Thanks for the clarification!

novalisdenahi commented 2 weeks ago

Hi @toplac,

I'm happy to inform you that our latest release 4.0.0 contains the ktor update.