96 matches found
Akka HTTP < 10.2.7 DoS Vulnerability
Akka HTTP is prone to a denial of service DoS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
Denial Of Service (DoS)
akka-http-core is vulnerable to Denial of Service DoS. A remote attacker is able to crash the application via a specifically crafted user-Agent header with deeply nested comments directed through vulnerable parser component...
CVE-2021-42697
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...
CVE-2021-42697
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...
Design/Logic Flaw
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...
CVE-2021-42697
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...
CVE-2021-42697
CVE-2021-42697 affects Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7, where parsing HTTP headers can stack-exhaust and enable a remote DoS via a User-Agent header containing deeply nested comments. Root cause: stack overflow during header parsing. Public advisories (GHSA/OSV) and explo...
Lightbeed Akka Akka-http缓冲区错误漏洞
Lightbeed Akka Akka-http is a toolkit from the Lightbeed community in China. It provides a more generalized toolkit for providing and using HTTP-based services. A buffer error vulnerability exists in Akka HTTP, which allows an attacker to conduct a denial of service attack by sending a User-Agent...
Security Bulletin: akka-http-core Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-23339)
Summary akka-http-core allows is vulnerable to allow multiple Transfer-Encoding headers on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-23339 DESCRIPTION: com.typesafe.akka:akka-http-core is vulnerable to request smuggling, caused by improper validation of request. By...
HTTP Request Smuggling in akka-http-core
A vulnerable Akka HTTP server will accept a malformed message and hand it over to the user. If the user application proxies this message to another server unchanged and that server also accepts that message but interprets it as two HTTP messages, the second message has reached the second server...
GHSA-2W7W-2J92-44HX HTTP Request Smuggling in akka-http-core
A vulnerable Akka HTTP server will accept a malformed message and hand it over to the user. If the user application proxies this message to another server unchanged and that server also accepts that message but interprets it as two HTTP messages, the second message has reached the second server...
CVE-2021-23339
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers...
Design/Logic Flaw
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers...
CVE-2021-23339 HTTP Request Smuggling
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers...
CVE-2021-23339
CVE-2021-23339 affects com.typesafe.akka:akka-http-core. The flaw allows multiple Transfer-Encoding headers, enabling HTTP Request Smuggling due to improper validation of requests. Affected versions are all before 10.1.14 and 10.2.0–10.2.4. The issue is rooted in how Transfer-Encoding is handled,...
Lightbeed Akka Akka-http Environment Issue Vulnerability
Lightbeed Akka Akka-http is a toolkit from the Lightbeed community in China. It provides a more generalized toolkit for providing and using HTTP-based services. An environment issue vulnerability exists in com.typesafe.akka:akka-http-core that allows multiple Transfer-Encoding headers...
ch.megard:akka-http-cors_2.12 (>=1.1.0 <=1.2.0), com.avast.grpc:grpc-json-bridge-akkahttp_2.12 (>=0.18.1 <=0.19.0) +242 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.12 (>=10.2.0 <=10.2.3)
com.typesafe.akka:akka-http-core2.12 MAVEN version =10.2.0, =1.1.0, =0.18.1, =5.6.1, =1.0.16, =1.0.16, =1.0.16, =1.8.0, =7.0, =0.1.22, =2.0.0, =1.3.0, =1.3.0, =0.7.1, =2.2.6, =2.4.0 and more Source cves: CVE-2021-23339 Source advisory: SNYK:JAVA-COMTYPESAFEAKKA-2315411...
biz.lobachev.annette:api-gateway-core_2.13 (=0.3.0), biz.lobachev.annette:application-api-gateway_2.13 (=0.3.0) +456 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.13 (>=10.2.0 <=10.2.3)
com.typesafe.akka:akka-http-core2.13 MAVEN version =10.2.0, =10.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-http-core2.13 and may be impacted: - biz.lobachev.annette:api-gateway-core2.13 =0.3.0 -...
be.objectify:deadbolt-java_2.13 (=2.8.0), be.objectify:deadbolt-scala_2.13 (=2.8.0) +470 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.13 (>=10.1.10 <=10.1.13)
com.typesafe.akka:akka-http-core2.13 MAVEN version =10.1.10, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.4.0, =0.4.0, =0.4.0, =0.5.1 and more Source cves: CVE-2021-23339 Source advisory: SNYK:JAVA-COMTYPESAFEAKKA-2315412...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0) +897 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.12 (>=10.0.0-RC2 <=10.1.13)
com.typesafe.akka:akka-http-core2.12 MAVEN version =10.0.0-RC2, =0.3.0, =0.3.1, =0.4.0, =2.6.0, =2.6.0, =0.3.0, =0.1.0, =0.6.0, =0.1.9, =1.0.0-RC1 - ch.wavein:wi-play-mongo2.12 =1.6 - cn.playscala:play-reactive-mongo2.12 =0.1.0 and more Source cves: CVE-2021-23339 Source advisory:...