97 matches found
EUVD-2018-0601
Malware in sbrugna...
EUVD-2021-0909
Malware in sbrugna...
EUVD-2018-0565
Malware in sbrugna...
EUVD-2022-0445
Malicious code in bioql PyPI...
EUVD-2022-1143
Malicious code in bioql PyPI...
EUVD-2023-37419
Malicious code in bioql PyPI...
CVE-2023-33251
When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946...
CVE-2021-42697
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...
CVE-2017-1000118
Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service...
HTTP Request/Response Smuggling
com.typesafe.akka:akka-http-core is vulnerable to HTTP Request/Response Smuggling. The vulnerability is due to accepting malformed messages and handing them over to the user application, which may proxy them to another server without inspection, allowing unintended HTTP requests to reach downstre...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.lum:odinson-rest-api_2.12 (>=0.2.0 <=0.5.0) +1253 more potentially affected by CVE-2023-44487 via com.typesafe.akka:akka-http-core_2.12 (>=10.0.0-RC2 <=10.5.2)
com.typesafe.akka:akka-http-core_2.12 MAVEN version =10.0.0-RC2, =0.3.0, =0.2.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.1-rc2 and more. Source CVEs: CVE-2023-44487. Source advisory: OSV:GHSA-QPPJ-FM5R-HXR3...
ai.mantik:bridge-protocol_2.13 (>=0.4.0 <=0.4.0-rc1), ai.mantik:componently_2.13 (>=0.4.0 <=0.4.0-rc1) +1036 more potentially affected by CVE-2023-44487 via com.typesafe.akka:akka-http-core_2.13 (>=10.1.10 <=10.5.2)
com.typesafe.akka:akka-http-core_2.13 MAVEN version =10.1.10, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0-rc1 and more. Source CVEs: CVE-2023-44487. Source advisory: OSV:GHSA-QPPJ-FM5R-HXR3...
Information Disclosure
com.typesafe.akka:akka-http is vulnerable to Information Disclosure. A remote unauthenticated attacker is able to gain access to sensitive information due to the creation of temporary files with weak permissions via the FileUploadDirectives.fileUploadAll directive...
Design/Logic Flaw
When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946...
CVE-2023-33251
CVE-2023-33251 affects Akka HTTP prior to 10.5.2 where FileUploadDirectives.fileUploadAll creates a temporary file with overly permissive permissions, allowing other users on Unix-like systems to read it. This is an information disclosure risk tied to temporary-file handling in the file upload pa...
Lightbend Akka Akka-http Security Vulnerability
Lightbend Akka Akka-http is a toolkit from the Lightbend community in China. It provides a more generalized toolkit for providing and using HTTP-based services. A security vulnerability exists in Lightbend Akka Akka-http versions prior to 10.5.2, which stems from weak permissions on temporary fil...