5 matches found
PT-2023-16311 · Undefined · Undefined
CVE-2023-33251: When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946.
CVE-2023-31442
In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...
PT-2022-28249 · Unknown +1 · System.Common.Drawing +2
Name of the Vulnerable Software and Affected Versions:
Akka.NET versions prior to 1.4.46
Akka.NET versions prior to 1.5.0-alpha3
Description: The issue is related to a remote code execution vulnerability in System.Common.Drawing v4.7.0, which is a dependency of the Akka module. The real-world...
Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service
...
Akka HTTP Accept Header Denial of Service Vulnerability
Akka HTTP is an HTTP application. A security vulnerability in Akka HTTP's handling of the Accept header allows remote attackers to submit specially crafted requests that can crash the application...