CVE-2022-24329

Description

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

How to fix CVE-2022-24329

To remediate CVE-2022-24329, upgrade the affected package to a fixed version below.

• Maven/org.jetbrains.kotlin:kotlin-stdlib—upgrade to 1.6.0 or later

Is CVE-2022-24329 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.6.0

CVSS scores

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-24329
• PATCHgithub.com/JetBrains/kotlin
• WEBblog.jetbrains.com
• WEBblog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021
• WEBwww.oracle.com