Information Disclosure

io.ktor is vulnerable to Information Disclosure. The vulnerability exists due to improper masking of credentials inside exception messages, which allows an attack to exfiltrate the JWT token by sending a crafted message which results in an exception being thrown that displays the full header containing the token.Read More