Skip to main content
Skip table of contents

Kotlin

Note: The legacy Mend SAST Application was deprecated on April 1st, 2025. For assistance with migrating to the Mend AppSec Platform, please contact your customer success manager or the success team at success@mend.io.

This article covers Kotlin support and vulnerability detection for Mend SAST.

Mend SAST-supported Kotlin file types

File Type

.kt

.ktm

.kts

Mend SAST-supported Kotlin frameworks

Framework

Micronaut

Mend SAST-supported Kotlin vulnerability types

The Kotlin vulnerability types detected by SAST are provided below, organized by CWE ID within each of their identified severities.

Kotlin high-severity vulnerability types

CWE

Vulnerability Type

CWE-22

Path/Directory Traversal

CWE-73

File Manipulation

CWE-78

Command Injection

CWE-79

Cross-Site Scripting

CWE-89

SQL Injection

CWE-94

Code Injection

CWE-94

Server Pages Execution

CWE-502

Deserialization of Untrusted Data

CWE-643

XPath Injection

CWE-918

Server-Side Request Forgery

Kotlin medium-severity vulnerability types

CWE

Vulnerability Type

CWE-90

LDAP Injection

CWE-209

Log Messages Information Leak

CWE-209

Error Messages Information Exposure

CWE-209

Console Output

CWE-244

Heap Inspection

CWE-338

Weak Pseudo-Random

CWE-400

Sleep Denial of Service

CWE-400

Regex Denial of Service (ReDoS)

CWE-472

Hidden HTML Input

CWE-501

Trust Boundary Violation

CWE-611

XML External Entity (XXE) Injection

CWE-676

Miscellaneous Dangerous Functions

CWE-798

Hardcoded Password/Credentials

Kotlin low-severity vulnerability types

CWE

Vulnerability Type

CWE-20

Session Poisoning

CWE-20

System Properties Change

CWE-20

Mail Relay

CWE-20

Cookie Injection

CWE-113

HTTP Header Injection

CWE-113

HTTP Response Splitting

CWE-117

Log Forging

CWE-326

Weak Encryption Strength

CWE-434

File Upload

CWE-497

System Properties Disclosure

CWE-530

Dangerous File Extensions

CWE-601

Unvalidated/Open Redirect

CWE-916

Weak Hash Strength

CWE-941

Arbitrary Server Connection

CWE-1004

Cookie Without 'HttpOnly' Flag

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.