io.ktor is vulnerable to Information Disclosure. The vulnerability exists due to improper masking of credentials inside exception messages, which allows an attack to exfiltrate the JWT token by sending a crafted message which results in an exception being thrown that displays the full header containing the token.Read More