URL Redirection to Untrusted Site ('Open Redirect')
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
Advisories for Maven/Io.ktor/Ktor-Client-Core package
2020
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.