14 matches found
EUVD-2025-16746
Malicious code in bioql PyPI...
CVE-2025-46548
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...
io.lighty.applications.rcgnmi:lighty-rcgnmi-app-module (>=22.0.0 <=22.1.0), io.lighty.applications.rnc:lighty-rnc-module (>=22.0.0 <=22.1.0) +28 more potentially affected by CVE-2025-46548 via org.apache.pekko:pekko-management_2.13 (>=1.0.0 <=1.1.0)
org.apache.pekko:pekko-management2.13 MAVEN version =1.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =1.0.0, =1.1.0-M1 and more Source cves: CVE-2025-46548 Source advisory: OSV:GHSA-9QVJ-RPJ8-V5C8...
GHSA-9QVJ-RPJ8-V5C8 Pekko Management may not properly apply authenticator when Basic Authentication is enabled
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...
org.apache.pekko:pekko-management-cluster-bootstrap_2.12 (>=1.0.0 <=1.1.0-M1), org.apache.pekko:pekko-management-cluster-http_2.12 (>=1.0.0 <=1.1.0-M1) +2 more potentially affected by CVE-2025-46548 via org.apache.pekko:pekko-management_2.12 (>=1.0.0 <=1.1.0)
org.apache.pekko:pekko-management2.12 MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.0-M1 Source cves: CVE-2025-46548 Source advisory: OSV:GHSA-9QVJ-RPJ8-V5C8...
org.apache.pekko:pekko-management-cluster-bootstrap_3 (>=1.0.0 <=1.1.0-M1), org.apache.pekko:pekko-management-cluster-http_3 (>=1.0.0 <=1.1.0-M1) +2 more potentially affected by CVE-2025-46548 via org.apache.pekko:pekko-management_3 (>=1.0.0 <=1.1.0)
org.apache.pekko:pekko-management3 MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.0-M1 Source cves: CVE-2025-46548 Source advisory: OSV:GHSA-9QVJ-RPJ8-V5C8...
Pekko Management may not properly apply authenticator when Basic Authentication is enabled
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...
CVE-2025-46548
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...
CVE-2025-46548
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...
CVE-2025-46548
CVE-2025-46548 affects Pekko Management (Java DSL) where enabling Basic Authentication may cause the authenticator to not be properly applied. The issue can lead to insufficient access control if management ports are not restricted to trusted users. The advisory recommends upgrading Pekko Managem...
CVE-2025-46548 Apache Pekko Management, Apache Pekko Management, Apache Pekko Management, Akka Management, Akka Management, Akka Management: management API basic authentication is not effective
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...
CVE-2025-46548 Apache Pekko Management, Apache Pekko Management, Apache Pekko Management, Akka Management, Akka Management, Akka Management: management API basic authentication is not effective
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...
PT-2025-23624 · Unknown · Pekko Management
Name of the Vulnerable Software and Affected Versions: Pekko Management versions prior to 1.1.1 Description: The issue arises when Basic Authentication is enabled in Pekko Management using the Java DSL, potentially causing the authenticator to not be properly applied. This could affect users who...
Apache Pekko Management 安全漏洞
Apache Pekko Management is a set of tools from the Apache Foundation USA for operating Pekko clusters. A security vulnerability exists in Apache Pekko Management versions prior to 1.0.0 that stems from the possibility that basic authentication in the Java DSL may not be applied correctly...