
96 matches found

CNNVD, added 2023/05/11 12:0 a.m., 4 views

Lightbeed Akka Akka-http Security Vulnerability

Lightbeed Akka Akka-http is a toolkit from the Lightbeed community in China. It provides a more generalized toolkit for providing and using HTTP-based services. A security vulnerability exists in Lightbeed Akka Akka-http versions prior to 2.8.1. An attacker exploited the vulnerability to cause an...

CVSS 7.5, AI score 7.6, EPSS 0.00645, Exploits 0, References 3

vulnersOsv, added 2022/06/28 11:23 p.m., 5 views

com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-M5 (=2.4.8) potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12.0-M5 (=1.3.2)

io.spray:spray-json_2.12.0-M5 MAVEN version =1.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json_2.12.0-M5 and may be impacted: - com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-M5 =2.4.8 Source cves: CVE-2018-18855 Source...

AI score 7.1, EPSS 0.00532, Exploits 0

vulnersOsv, added 2022/06/28 11:23 p.m., 5 views

com.storm-enroute:scalameter_2.12.0-RC1 (>=0.8 <=0.8.1), com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-RC1 (>=2.4.10 <=2.4.11) +1 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12.0-RC1 (=1.3.2)

io.spray:spray-json_2.12.0-RC1 MAVEN version =1.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json_2.12.0-RC1 and may be impacted: - com.storm-enroute:scalameter_2.12.0-RC1 =0.8, =2.4.10, =2.4.11 - org.spire-math:jawn-spray_2.12.0-RC1...

AI score 7.1, EPSS 0.00532, Exploits 0

vulnersOsv, added 2022/05/24 7:19 p.m., 4 views

ch.megard:akka-http-cors_2.12 (>=1.1.0 <=1.2.0), co.topl:akka-http-rpc_2.12 (>=1.4.2 <=1.7.0) +339 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.12 (>=10.2.0-M1 <=10.2.6)

com.typesafe.akka:akka-http-core_2.12 MAVEN version =10.2.0-M1, =1.1.0, =1.4.2, =1.4.2, =1.4.2, =1.4.2, =0.7.0, =0.7.0, =0.7.1, =0.7.0, =0.18.1, =5.0.0, =0.5.0, =0.5.0, =0.10.3, =0.10.3, =1.0.18 and more Source cves: CVE-2021-42697 Source advisory: OSV:GHSA-3HW2-H67C-WQ66...

CVSS 7.5, AI score 7.1, EPSS 0.36139, Exploits 5

vulnersOsv, added 2022/05/24 7:19 p.m., 7 views

com.github.swagger-akka-http:swagger-akka-http_2.13.0-RC3 (=2.0.3), com.typesafe.akka:akka-http-caching_2.13.0-RC3 (=10.1.8) +13 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13.0-RC3 (=10.1.8)

com.typesafe.akka:akka-http-core_2.13.0-RC3 MAVEN version =10.1.8 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-http-core_2.13.0-RC3 and may be impacted: - com.github.swagger-akka-http:swagger-akka-http_2.13.0-RC3 =2.0.3 -...

CVSS 7.5, AI score 7.1, EPSS 0.36139, Exploits 5

vulnersOsv, added 2022/05/24 7:19 p.m., 3 views

com.beachape:enumeratum-play_2.13.0-RC2 (=1.5.16), com.typesafe.akka:akka-http-caching_2.13.0-RC2 (=10.1.8) +6 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13.0-RC2 (=10.1.8)

com.typesafe.akka:akka-http-core_2.13.0-RC2 MAVEN version =10.1.8 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-http-core_2.13.0-RC2 and may be impacted: - com.beachape:enumeratum-play_2.13.0-RC2 =1.5.16 -...

CVSS 7.5, AI score 7.1, EPSS 0.36139, Exploits 5

vulnersOsv, added 2022/05/24 7:19 p.m., 5 views

be.objectify:deadbolt-java_2.13.0-M5 (=2.7.0), be.objectify:deadbolt-scala_2.13.0-M5 (=2.7.0) +29 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13.0-M5 (>=10.1.7 <=10.1.8)

com.typesafe.akka:akka-http-core_2.13.0-M5 MAVEN version =10.1.7, =0.3.4, =0.0.5, =2.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0-M3, =1.0-M3, =1.0-M3, =1.0-M3, =1.0.1, =1.0.2 and more Source cves: CVE-2021-42697 Source advis...

CVSS 7.5, AI score 7.1, EPSS 0.36139, Exploits 5

vulnersOsv, added 2022/05/24 7:19 p.m., 6 views

ai.mantik:bridge-protocol_2.13 (>=0.4.0 <=0.4.0-rc1), ai.mantik:componently_2.13 (>=0.4.0 <=0.4.0-rc1) +607 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13 (>=10.2.0-M1 <=10.2.6)

com.typesafe.akka:akka-http-core_2.13 MAVEN version =10.2.0-M1, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0-rc1 and more Source cves: CVE-2021-42697 Source advisory: OSV:GHSA-3HW2-H67C-WQ66...

CVSS 7.5, AI score 7.1, EPSS 0.36139, Exploits 5

vulnersOsv, added 2022/05/24 7:19 p.m., 7 views

ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0) +599 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.12 (>=10.1.0 <=10.1.14)

com.typesafe.akka:akka-http-core_2.12 MAVEN version =10.1.0, =0.3.0, =0.3.1, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.1-rc1 and more Source cves: CVE-2021-42697 Source advisory: OSV:GHSA-3HW2-H67C-WQ66...

CVSS 7.5, AI score 7.1, EPSS 0.36139, Exploits 5

vulnersOsv, added 2022/05/24 7:19 p.m., 4 views

be.objectify:deadbolt-java_2.13 (=2.8.0), be.objectify:deadbolt-scala_2.13 (=2.8.0) +488 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13 (>=10.1.10 <=10.1.14)

com.typesafe.akka:akka-http-core_2.13 MAVEN version =10.1.10, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.4.0, =0.4.0, =0.4.0, =0.5.1 and more Source cves: CVE-2021-42697 Source advisory: OSV:GHSA-3HW2-H67C-WQ66...

CVSS 7.5, AI score 7.1, EPSS 0.36139, Exploits 5

OSV, added 2022/05/24 7:19 p.m., 1 view

GHSA-3HW2-H67C-WQ66 Uncontrolled Recursion in Akka HTTP

Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

CVSS 7.5, AI score 7.1, EPSS 0.36139, Exploits 5, References 8

Github Security Blog, added 2022/05/24 7:19 p.m., 31 views

Uncontrolled Recursion in Akka HTTP

Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

CVSS 7.5, AI score 4.9, EPSS 0.36139, Exploits 5, References 8, Affected Software 7

0day.today, added 2022/05/11 12:0 a.m., 135 views

Akka HTTP 10.1.14 - Denial of Service Exploit

Exploit Title: Akka HTTP Denial of Service via Nested Header Comments Exploit Author: cxosmo Vendor Homepage: https://akka.io Software Link: https://github.com/akka/akka-http Version: Akka HTTP 10.1.x 10.1.15 & 10.2.x 10.2.7 Tested on: Akka HTTP 10.2.4, Ubuntu CVE : CVE-2021-42697 import argparse...

CVSS 7.5, AI score 7.5, EPSS 0.36139, Exploits 5

Exploit DB, added 2022/05/11 12:0 a.m., 245 views

Akka HTTP 10.1.14 - Denial of Service

Exploit Title: Akka HTTP Denial of Service via Nested Header Comments Date: 18/4/2022 Exploit Author: cxosmo Vendor Homepage: https://akka.io Software Link: https://github.com/akka/akka-http Version: Akka HTTP 10.1.x 10.1.15 & 10.2.x 10.2.7 Tested on: Akka HTTP 10.2.4, Ubuntu CVE : CVE-2021-42697...

CVSS 7.5, AI score 7.8, EPSS 0.36139, Exploits 5

Packet Storm, added 2022/05/11 12:0 a.m., 201 views

Akka HTTP 10.1.14 Denial Of Service

Exploit Title: Akka HTTP Denial of Service via Nested Header Comments Date: 18/4/2022 Exploit Author: cxosmo Vendor Homepage: https://akka.io Software Link: https://github.com/akka/akka-http Version: Akka HTTP 10.1.x 10.1.15 & 10.2.x 10.2.7 Tested on: Akka HTTP 10.2.4, Ubuntu CVE : CVE-2021-42697...

CVSS 7.5, EPSS 0.36139, Exploits 5

GithubExploit, added 2022/04/24 5:51 a.m., 436 views

Exploit for Uncontrolled Recursion in Akka Http_Server

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can enc...

CVSS 7.5, AI score 7.6, EPSS 0.36139, Exploits 5

vulnersOsv, added 2022/02/09 11:6 p.m., 6 views

com.codacy:codacy-seed-client-akka-http_2.11 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08), com.softwaremill.akka-http-session:jwt_2.11 (>=0.2.0 <=0.5.10) potentially affected by CVE-2020-7780 via com.softwaremill.akka-http-session:core_2.11 (>=0.2.0 <=0.5.10)

com.softwaremill.akka-http-session:core_2.11 MAVEN version =0.2.0, =1.1.0-master.51.7b7549c_akka25Circe08, =0.2.0, =0.5.10 Source cves: CVE-2020-7780 Source advisory: OSV:GHSA-Q42Q-523G-3FWV...

CVSS 8.8, AI score 7.2, EPSS 0.00645, Exploits 0

OSV, added 2022/02/09 11:6 p.m., 2 views

GHSA-Q42Q-523G-3FWV Cross-Site Request Forgery

This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection...

CVSS 8.8, AI score 7.2, EPSS 0.00645, Exploits 0, References 7

vulnersOsv, added 2022/01/06 8:23 p.m., 5 views

com.boxframework:box-server_2.12 (>=1.2.22 <=1.2.23), com.codacy:codacy-seed-client-akka-http_2.12 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08) +1 more potentially affected by CVE-2020-28452 via com.softwaremill.akka-http-session:core_2.12 (>=0.3.0 <=0.6.0)

com.softwaremill.akka-http-session:core_2.12 MAVEN version =0.3.0, =1.2.22, =1.1.0-master.51.7b7549c_akka25Circe08, =0.3.0, =0.6.0 Source cves: CVE-2020-28452 Source advisory: OSV:GHSA-4JF5-JGGP-G56J...

CVSS 8.8, AI score 7.2, EPSS 0.00524, Exploits 0

OSV, added 2022/01/06 8:23 p.m., 5 views

GHSA-4JF5-JGGP-G56J Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12

This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request...

CVSS 8.8, AI score 7.2, EPSS 0.00524, Exploits 0, References 7