96 matches found
Lightbeed Akka Akka-http 安全漏洞
Lightbeed Akka Akka-http is a toolkit from the Lightbeed community in China. It provides a more generalized toolkit for providing and using HTTP-based services. A security vulnerability exists in Lightbeed Akka Akka-http versions prior to 2.8.1. An attacker exploited the vulnerability to cause an...
com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-M5 (=2.4.8) potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12.0-M5 (=1.3.2)
io.spray:spray-json2.12.0-M5 MAVEN version =1.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json2.12.0-M5 and may be impacted: - com.typesafe.akka:akka-http-spray-json-experimental2.12.0-M5 =2.4.8 Source cves: CVE-2018-18855 Source...
com.storm-enroute:scalameter_2.12.0-RC1 (>=0.8 <=0.8.1), com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-RC1 (>=2.4.10 <=2.4.11) +1 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12.0-RC1 (=1.3.2)
io.spray:spray-json2.12.0-RC1 MAVEN version =1.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json2.12.0-RC1 and may be impacted: - com.storm-enroute:scalameter2.12.0-RC1 =0.8, =2.4.10, =2.4.11 - org.spire-math:jawn-spray2.12.0-RC1...
ch.megard:akka-http-cors_2.12 (>=1.1.0 <=1.2.0), co.topl:akka-http-rpc_2.12 (>=1.4.2 <=1.7.0) +339 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.12 (>=10.2.0-M1 <=10.2.6)
com.typesafe.akka:akka-http-core2.12 MAVEN version =10.2.0-M1, =1.1.0, =1.4.2, =1.4.2, =1.4.2, =1.4.2, =0.7.0, =0.7.0, =0.7.1, =0.7.0, =0.18.1, =5.0.0, =0.5.0, =0.5.0, =0.10.3, =0.10.3, =1.0.18 and more Source cves: CVE-2021-42697 Source advisory: OSV:GHSA-3HW2-H67C-WQ66...
com.github.swagger-akka-http:swagger-akka-http_2.13.0-RC3 (=2.0.3), com.typesafe.akka:akka-http-caching_2.13.0-RC3 (=10.1.8) +13 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13.0-RC3 (=10.1.8)
com.typesafe.akka:akka-http-core2.13.0-RC3 MAVEN version =10.1.8 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-http-core2.13.0-RC3 and may be impacted: - com.github.swagger-akka-http:swagger-akka-http2.13.0-RC3 =2.0.3 -...
com.beachape:enumeratum-play_2.13.0-RC2 (=1.5.16), com.typesafe.akka:akka-http-caching_2.13.0-RC2 (=10.1.8) +6 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13.0-RC2 (=10.1.8)
com.typesafe.akka:akka-http-core2.13.0-RC2 MAVEN version =10.1.8 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-http-core2.13.0-RC2 and may be impacted: - com.beachape:enumeratum-play2.13.0-RC2 =1.5.16 -...
be.objectify:deadbolt-java_2.13.0-M5 (=2.7.0), be.objectify:deadbolt-scala_2.13.0-M5 (=2.7.0) +29 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13.0-M5 (>=10.1.7 <=10.1.8)
com.typesafe.akka:akka-http-core2.13.0-M5 MAVEN version =10.1.7, =0.3.4, =0.0.5, =2.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0-M3, =1.0-M3, =1.0-M3, =1.0-M3, =1.0.1, =1.0.2 and more Source cves: CVE-2021-42697 Source advis...
ai.mantik:bridge-protocol_2.13 (>=0.4.0 <=0.4.0-rc1), ai.mantik:componently_2.13 (>=0.4.0 <=0.4.0-rc1) +607 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13 (>=10.2.0-M1 <=10.2.6)
com.typesafe.akka:akka-http-core2.13 MAVEN version =10.2.0-M1, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0-rc1 and more Source cves: CVE-2021-42697 Source advisory: OSV:GHSA-3HW2-H67C-WQ66...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0) +599 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.12 (>=10.1.0 <=10.1.14)
com.typesafe.akka:akka-http-core2.12 MAVEN version =10.1.0, =0.3.0, =0.3.1, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.1-rc1 and more Source cves: CVE-2021-42697 Source advisory: OSV:GHSA-3HW2-H67C-WQ66...
be.objectify:deadbolt-java_2.13 (=2.8.0), be.objectify:deadbolt-scala_2.13 (=2.8.0) +488 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13 (>=10.1.10 <=10.1.14)
com.typesafe.akka:akka-http-core2.13 MAVEN version =10.1.10, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.4.0, =0.4.0, =0.4.0, =0.5.1 and more Source cves: CVE-2021-42697 Source advisory: OSV:GHSA-3HW2-H67C-WQ66...
GHSA-3HW2-H67C-WQ66 Uncontrolled Recursion in Akka HTTP
Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...
Uncontrolled Recursion in Akka HTTP
Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...
Akka HTTP 10.1.14 - Denial of Service Exploit
Exploit Title: Akka HTTP Denial of Service via Nested Header Comments Exploit Author: cxosmo Vendor Homepage: https://akka.io Software Link: https://github.com/akka/akka-http Version: Akka HTTP 10.1.x 10.1.15 & 10.2.x 10.2.7 Tested on: Akka HTTP 10.2.4, Ubuntu CVE : CVE-2021-42697 import argparse...
Akka HTTP 10.1.14 - Denial of Service
Exploit Title: Akka HTTP Denial of Service via Nested Header Comments Date: 18/4/2022 Exploit Author: cxosmo Vendor Homepage: https://akka.io Software Link: https://github.com/akka/akka-http Version: Akka HTTP 10.1.x 10.1.15 & 10.2.x 10.2.7 Tested on: Akka HTTP 10.2.4, Ubuntu CVE : CVE-2021-42697...
Akka HTTP 10.1.14 Denial Of Service
Exploit Title: Akka HTTP Denial of Service via Nested Header Comments Date: 18/4/2022 Exploit Author: cxosmo Vendor Homepage: https://akka.io Software Link: https://github.com/akka/akka-http Version: Akka HTTP 10.1.x 10.1.15 & 10.2.x 10.2.7 Tested on: Akka HTTP 10.2.4, Ubuntu CVE : CVE-2021-42697...
Exploit for Uncontrolled Recursion in Akka Http_Server
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can enc...
com.codacy:codacy-seed-client-akka-http_2.11 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08), com.softwaremill.akka-http-session:jwt_2.11 (>=0.2.0 <=0.5.10) potentially affected by CVE-2020-7780 via com.softwaremill.akka-http-session:core_2.11 (>=0.2.0 <=0.5.10)
com.softwaremill.akka-http-session:core2.11 MAVEN version =0.2.0, =1.1.0-master.51.7b7549cakka25Circe08, =0.2.0, =0.5.10 Source cves: CVE-2020-7780 Source advisory: OSV:GHSA-Q42Q-523G-3FWV...
GHSA-Q42Q-523G-3FWV Cross-Site Request Forgery
This affects the package com.softwaremill.akka-http-session:core2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection...
com.boxframework:box-server_2.12 (>=1.2.22 <=1.2.23), com.codacy:codacy-seed-client-akka-http_2.12 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08) +1 more potentially affected by CVE-2020-28452 via com.softwaremill.akka-http-session:core_2.12 (>=0.3.0 <=0.6.0)
com.softwaremill.akka-http-session:core2.12 MAVEN version =0.3.0, =1.2.22, =1.1.0-master.51.7b7549cakka25Circe08, =0.3.0, =0.6.0 Source cves: CVE-2020-28452 Source advisory: OSV:GHSA-4JF5-JGGP-G56J...
GHSA-4JF5-JGGP-G56J Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
This affects the package com.softwaremill.akka-http-session:core2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core2.11; the package com.softwaremill.akka-http-session:core2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request...