96 matches found
ch.megard:akka-http-cors_2.12 (>=1.1.0 <=1.2.0), com.avast.grpc:grpc-json-bridge-akkahttp_2.12 (>=0.18.1 <=0.19.0) +242 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.12 (>=10.2.0 <=10.2.3)
com.typesafe.akka:akka-http-core2.12 MAVEN version =10.2.0, =1.1.0, =0.18.1, =5.6.1, =1.0.16, =1.0.16, =1.0.16, =1.8.0, =7.0, =0.1.22, =2.0.0, =1.3.0, =1.3.0, =0.7.1, =2.2.6, =2.4.0 and more Source cves: CVE-2021-23339 Source advisory: SNYK:JAVA-COMTYPESAFEAKKA-2315411...
biz.lobachev.annette:api-gateway-core_2.13 (=0.3.0), biz.lobachev.annette:application-api-gateway_2.13 (=0.3.0) +456 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.13 (>=10.2.0 <=10.2.3)
com.typesafe.akka:akka-http-core2.13 MAVEN version =10.2.0, =10.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-http-core2.13 and may be impacted: - biz.lobachev.annette:api-gateway-core2.13 =0.3.0 -...
be.objectify:deadbolt-java_2.13 (=2.8.0), be.objectify:deadbolt-scala_2.13 (=2.8.0) +470 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.13 (>=10.1.10 <=10.1.13)
com.typesafe.akka:akka-http-core2.13 MAVEN version =10.1.10, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.4.0, =0.4.0, =0.4.0, =0.5.1 and more Source cves: CVE-2021-23339 Source advisory: SNYK:JAVA-COMTYPESAFEAKKA-2315412...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0) +897 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.12 (>=10.0.0-RC2 <=10.1.13)
com.typesafe.akka:akka-http-core2.12 MAVEN version =10.0.0-RC2, =0.3.0, =0.3.1, =0.4.0, =2.6.0, =2.6.0, =0.3.0, =0.1.0, =0.6.0, =0.1.9, =1.0.0-RC1 - ch.wavein:wi-play-mongo2.12 =1.6 - cn.playscala:play-reactive-mongo2.12 =0.1.0 and more Source cves: CVE-2021-23339 Source advisory:...
CVE-2020-28452
CSRF protection bypass in the akka-http-session library (com.softwaremill.akka-http-session:core) is reported for multiple Scala versions: core_2.12 (before 0.6.1), core_2.11 (all versions), and core_2.13 (before 0.6.1). The root cause is a CSRF check that only ensures the X-XSRF-TOKEN header and...
Softwaremill Akka-http-session Cross-Site Request Forgery Vulnerability
Softwaremill Softwaremill Akka-http-session is a codebase for providing continuous JWT and continuous connectivity support for single page or mobile applications from Softwaremill, Poland. A cross-site request forgery vulnerability exists in Softwaremill Akka-http-session core2.12 from 0 and befo...
Cross-Site Request Forgery (CSRF)
akka-http-session is vulnerable to cross-site request forgery CSRF. The CSRF protection can be bypassed using an empty X-XSRF-TOKEN header and a XSRF-TOKEN cookie with empty value...
CVE-2020-7780
This affects the package com.softwaremill.akka-http-session:core2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection...
Code injection
This affects the package com.softwaremill.akka-http-session:core2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection...
Softwaremill Akka-http-session Cross-Site Request Forgery Vulnerability
Softwaremill Softwaremill Akka-http-session is a codebase for providing continuous JWT and continuous connection support for single page or mobile applications from Softwaremill, Poland. A security vulnerability exists in com.softwaremill.akka-http-session:core2.13, which stems from the fact that...
com.codacy:codacy-seed-client-akka-http_2.11 (>=1.1.0-featurehelm3.62.2328366_akka24Circe08 <=1.2.0_akka25Circe08), com.softwaremill.akka-http-session:jwt_2.11 (>=0.2.0 <=0.5.11) potentially affected by CVE-2020-28452 via com.softwaremill.akka-http-session:core_2.11 (>=0.2.0 <=0.5.9)
com.softwaremill.akka-http-session:core2.11 MAVEN version =0.2.0, =1.1.0-featurehelm3.62.2328366akka24Circe08, =0.2.0, =0.5.11 Source cves: CVE-2020-28452 Source advisory: SNYK:JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046675...
com.boxframework:box-server_2.12 (>=1.2.22 <=1.2.23), com.codacy:codacy-seed-client-akka-http_2.12 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08) +1 more potentially affected by CVE-2020-28452 via com.softwaremill.akka-http-session:core_2.12 (>=0.3.0 <=0.6.0)
com.softwaremill.akka-http-session:core2.12 MAVEN version =0.3.0, =1.2.22, =1.1.0-master.51.7b7549cakka25Circe08, =0.3.0, =0.6.0 Source cves: CVE-2020-28452 Source advisory: SNYK:JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046674...
com.softwaremill.akka-http-session:jwt_2.13 (=0.5.10) potentially affected by CVE-2020-7780 via com.softwaremill.akka-http-session:core_2.13 (=0.5.10)
com.softwaremill.akka-http-session:core2.13 MAVEN version =0.5.10 is affected by a known vulnerability. The following packages have a transitive dependency on com.softwaremill.akka-http-session:core2.13 and may be impacted: - com.softwaremill.akka-http-session:jwt2.13 =0.5.10 Source cves:...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie. Remediation Upgrade...
Cross-site Scripting (XSS)
akka-http is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as raw queries were being shown on the error message, allowing XSS attacks...
ba.sake:hepek-play_2.12 (>=0.4.0 <=0.4.1), by.exonit:swagger-play2-play26_2.12 (=1.0.0) +365 more potentially affected by CVE-2017-1000118 via com.typesafe.akka:akka-http-core_2.12 (>=10.0.0-RC2 <=10.0.5)
com.typesafe.akka:akka-http-core2.12 MAVEN version =10.0.0-RC2, =0.4.0, =0.3.0, =0.1.0, =0.1.9, =0.0.10, =1.4-P26, =1.4-P26-B3, =2.0.0, =0.1.4, =0.2.0, =0.2.0, =0.3.0-RC6 and more Source cves: CVE-2017-1000118 Source advisory: OSV:GHSA-GFX6-PH4Q-Q54Q...
GHSA-GFX6-PH4Q-Q54Q Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core
Akka HTTP versions = 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service...
Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core
Akka HTTP versions = 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0) +647 more potentially affected by CVE-2018-16131 via com.typesafe.akka:akka-http-core_2.12 (>=10.1.0 <=10.1.3)
com.typesafe.akka:akka-http-core2.12 MAVEN version =10.1.0, =0.3.0, =0.3.1, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.1-rc1 and more Source cves: CVE-2018-16131 Source advisory: OSV:GHSA-9QGC-P27W-3HJG...
High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12
The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service memory consumption and daemon crash via a ZIP bomb...