CVE-2022-24329: Improper Locking in JetBrains Kotlin
CVSS score: 5.3
Basic Information
Technical Details
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jetbrains.kotlin:kotlin-stdlib | maven | <= 1.5.32 | 1.6.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The advisory for CVE-2022-24329 states that dependency locking was not implemented for Multiplatform Gradle projects in Kotlin versions before 1.6.0. This places the root cause in the dependency resolution subsystem of the Kotlin Gradle plugin's Multiplatform support. Public advisories do not name specific functions, but the plugin's dependency management logic for Multiplatform projects is the logical location for the missing locking functionality. The high confidence rests on three points:
1) The direct correlation between the vulnerability description and Gradle's dependency locking features.
2) JetBrains' own bulletin, which ties the issue to Multiplatform Gradle projects.
3) The CWE-829 classification, which confirms that the issue concerns unvalidated dependency inclusion.