96 matches found

vulnersOsv
added 2021/02/15 2:42 p.m. | 4 views

ch.megard:akka-http-cors_2.12 (>=1.1.0 <=1.2.0), com.avast.grpc:grpc-json-bridge-akkahttp_2.12 (>=0.18.1 <=0.19.0) +242 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.12 (>=10.2.0 <=10.2.3)

com.typesafe.akka:akka-http-core_2.12 MAVEN version =10.2.0, =1.1.0, =0.18.1, =5.6.1, =1.0.16, =1.0.16, =1.0.16, =1.8.0, =7.0, =0.1.22, =2.0.0, =1.3.0, =1.3.0, =0.7.1, =2.2.6, =2.4.0 and more Source cves: CVE-2021-23339 Source advisory: SNYK:JAVA-COMTYPESAFEAKKA-2315411...

CVSS 6.5 | AI score 6.5 | EPSS 0.00705
Exploits 0
vulnersOsv
added 2021/02/15 2:42 p.m. | 5 views

biz.lobachev.annette:api-gateway-core_2.13 (=0.3.0), biz.lobachev.annette:application-api-gateway_2.13 (=0.3.0) +456 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.13 (>=10.2.0 <=10.2.3)

com.typesafe.akka:akka-http-core_2.13 MAVEN version =10.2.0, =10.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-http-core_2.13 and may be impacted: - biz.lobachev.annette:api-gateway-core_2.13 =0.3.0 -...

CVSS 6.5 | AI score 6.5 | EPSS 0.00705
Exploits 0
vulnersOsv
added 2021/02/15 2:42 p.m. | 4 views

be.objectify:deadbolt-java_2.13 (=2.8.0), be.objectify:deadbolt-scala_2.13 (=2.8.0) +470 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.13 (>=10.1.10 <=10.1.13)

com.typesafe.akka:akka-http-core_2.13 MAVEN version =10.1.10, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.4.0, =0.4.0, =0.4.0, =0.5.1 and more Source cves: CVE-2021-23339 Source advisory: SNYK:JAVA-COMTYPESAFEAKKA-2315412...

CVSS 6.5 | AI score 6.5 | EPSS 0.00705
Exploits 0
vulnersOsv
added 2021/02/15 2:42 p.m. | 5 views

ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0) +897 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.12 (>=10.0.0-RC2 <=10.1.13)

com.typesafe.akka:akka-http-core_2.12 MAVEN version =10.0.0-RC2, =0.3.0, =0.3.1, =0.4.0, =2.6.0, =2.6.0, =0.3.0, =0.1.0, =0.6.0, =0.1.9, =1.0.0-RC1 - ch.wavein:wi-play-mongo_2.12 =1.6 - cn.playscala:play-reactive-mongo_2.12 =0.1.0 and more Source cves: CVE-2021-23339 Source advisory:...

CVSS 6.5 | AI score 6.5 | EPSS 0.00705
Exploits 0
CVE
added 2021/01/20 5:46 p.m. | 72 views

CVE-2020-28452

CSRF protection bypass in the akka-http-session library (com.softwaremill.akka-http-session:core) is reported for multiple Scala versions: core_2.12 (before 0.6.1), core_2.11 (all versions), and core_2.13 (before 0.6.1). The root cause is a CSRF check that only ensures the X-XSRF-TOKEN header and...

CVSS 8.8 | AI score 7.5 | EPSS 0.00524
Exploits 0 | References 5 | Affected Software 1
CNNVD
added 2021/01/20 12:0 a.m. | 6 views

Softwaremill Akka-http-session Cross-Site Request Forgery Vulnerability

Softwaremill Akka-http-session is a codebase for providing continuous JWT and continuous connectivity support for single page or mobile applications from Softwaremill, Poland. A cross-site request forgery vulnerability exists in Softwaremill Akka-http-session core_2.12 from 0 and befo...

CVSS 8.8 | AI score 7.2 | EPSS 0.00524
Exploits 0 | References 5
Veracode
added 2020/11/30 4:35 a.m. | 20 views

Cross-Site Request Forgery (CSRF)

akka-http-session is vulnerable to cross-site request forgery (CSRF). The CSRF protection can be bypassed using an empty X-XSRF-TOKEN header and an XSRF-TOKEN cookie with an empty value...

CVSS 8.8 | AI score 2.4 | EPSS 0.00645
Exploits 0 | References 3 | Affected Software 4
NVD
added 2020/11/27 5:15 p.m. | 31 views

CVE-2020-7780

This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection...

CVSS 8.8 | AI score 6.9 | EPSS 0.00645
Exploits 0 | References 6
Prion
added 2020/11/27 5:15 p.m. | 16 views

Code injection

This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection...

CVSS 6.8 | AI score 8.7 | EPSS 0.00645
Exploits 0 | References 6 | Affected Software 1
CNNVD
added 2020/11/27 12:0 a.m. | 8 views

Softwaremill Akka-http-session Cross-Site Request Forgery Vulnerability

Softwaremill Akka-http-session is a codebase for providing continuous JWT and continuous connection support for single page or mobile applications from Softwaremill, Poland. A security vulnerability exists in com.softwaremill.akka-http-session:core_2.13, which stems from the fact that...

CVSS 8.8 | AI score 7.2 | EPSS 0.00645
Exploits 0 | References 5
vulnersOsv
added 2020/11/24 4:51 p.m. | 8 views

com.codacy:codacy-seed-client-akka-http_2.11 (>=1.1.0-featurehelm3.62.2328366_akka24Circe08 <=1.2.0_akka25Circe08), com.softwaremill.akka-http-session:jwt_2.11 (>=0.2.0 <=0.5.11) potentially affected by CVE-2020-28452 via com.softwaremill.akka-http-session:core_2.11 (>=0.2.0 <=0.5.9)

com.softwaremill.akka-http-session:core_2.11 MAVEN version =0.2.0, =1.1.0-featurehelm3.62.2328366_akka24Circe08, =0.2.0, =0.5.11 Source cves: CVE-2020-28452 Source advisory: SNYK:JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046675...

CVSS 8.8 | AI score 7.2 | EPSS 0.00524
Exploits 0
vulnersOsv
added 2020/11/24 4:51 p.m. | 7 views

com.boxframework:box-server_2.12 (>=1.2.22 <=1.2.23), com.codacy:codacy-seed-client-akka-http_2.12 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08) +1 more potentially affected by CVE-2020-28452 via com.softwaremill.akka-http-session:core_2.12 (>=0.3.0 <=0.6.0)

com.softwaremill.akka-http-session:core_2.12 MAVEN version =0.3.0, =1.2.22, =1.1.0-master.51.7b7549c_akka25Circe08, =0.3.0, =0.6.0 Source cves: CVE-2020-28452 Source advisory: SNYK:JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046674...

CVSS 8.8 | AI score 7.2 | EPSS 0.00524
Exploits 0
vulnersOsv
added 2020/03/10 4:51 p.m. | 6 views

com.softwaremill.akka-http-session:jwt_2.13 (=0.5.10) potentially affected by CVE-2020-7780 via com.softwaremill.akka-http-session:core_2.13 (=0.5.10)

com.softwaremill.akka-http-session:core_2.13 MAVEN version =0.5.10 is affected by a known vulnerability. The following packages have a transitive dependency on com.softwaremill.akka-http-session:core_2.13 and may be impacted: - com.softwaremill.akka-http-session:jwt_2.13 =0.5.10 Source cves:...

CVSS 8.8 | AI score 7.2 | EPSS 0.00645
Exploits 0
Snyk
added 2020/03/10 4:51 p.m. | 3 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie. Remediation: Upgrade...

CVSS 8.8 | AI score 6.8 | EPSS 0.00645
Exploits 0 | References 2
Veracode
added 2019/01/25 2:21 a.m. | 16 views

Cross-site Scripting (XSS)

akka-http is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because raw queries were shown in the error message, allowing XSS attacks...

AI score 5.3
Exploits 0
vulnersOsv
added 2018/10/22 8:53 p.m. | 5 views

ba.sake:hepek-play_2.12 (>=0.4.0 <=0.4.1), by.exonit:swagger-play2-play26_2.12 (=1.0.0) +365 more potentially affected by CVE-2017-1000118 via com.typesafe.akka:akka-http-core_2.12 (>=10.0.0-RC2 <=10.0.5)

com.typesafe.akka:akka-http-core_2.12 MAVEN version =10.0.0-RC2, =0.4.0, =0.3.0, =0.1.0, =0.1.9, =0.0.10, =1.4-P26, =1.4-P26-B3, =2.0.0, =0.1.4, =0.2.0, =0.2.0, =0.3.0-RC6 and more Source cves: CVE-2017-1000118 Source advisory: OSV:GHSA-GFX6-PH4Q-Q54Q...

CVSS 7.5 | AI score 7 | EPSS 0.01103
Exploits 0
OSV
added 2018/10/22 8:53 p.m. | 1 views

GHSA-GFX6-PH4Q-Q54Q Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core

Akka HTTP versions = 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service...

CVSS 7.5 | AI score 7.1 | EPSS 0.01103
Exploits 0 | References 3
Github Security Blog
added 2018/10/22 8:53 p.m. | 28 views

Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core

Akka HTTP versions = 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service...

CVSS 7.5 | AI score 4.8 | EPSS 0.01103
Exploits 0 | References 3 | Affected Software 2
vulnersOsv
added 2018/10/22 8:37 p.m. | 10 views

ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0) +647 more potentially affected by CVE-2018-16131 via com.typesafe.akka:akka-http-core_2.12 (>=10.1.0 <=10.1.3)

com.typesafe.akka:akka-http-core_2.12 MAVEN version =10.1.0, =0.3.0, =0.3.1, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.1-rc1 and more Source cves: CVE-2018-16131 Source advisory: OSV:GHSA-9QGC-P27W-3HJG...

CVSS 7.8 | AI score 7.1 | EPSS 0.03054
Exploits 0
Github Security Blog
added 2018/10/22 8:37 p.m. | 25 views

High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb...

CVSS 7.8 | AI score 5.1 | EPSS 0.03054
Exploits 0 | References 6 | Affected Software 2