19 matches found
EUVD-2021-0909
Malware in sbrugna...
HTTP Request/Response Smuggling
com.typesafe.akka:akka-http-core is vulnerable to HTTP Request/Response Smuggling. The vulnerability is due to accepting malformed messages and handing them over to the user application, which may proxy them to another server without inspection, allowing unintended HTTP requests to reach downstre...
ai.mantik:bridge-protocol_2.13 (>=0.4.0 <=0.4.0-rc1), ai.mantik:componently_2.13 (>=0.4.0 <=0.4.0-rc1) +1036 more potentially affected by CVE-2023-44487 via com.typesafe.akka:akka-http-core_2.13 (>=10.1.10 <=10.5.2)
com.typesafe.akka:akka-http-core2.13 MAVEN version =10.1.10, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0-rc1 and more Source cves: CVE-2023-44487 Source advisory: OSV:GHSA-QPPJ-FM5R-HXR3...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.lum:odinson-rest-api_2.12 (>=0.2.0 <=0.5.0) +1253 more potentially affected by CVE-2023-44487 via com.typesafe.akka:akka-http-core_2.12 (>=10.0.0-RC2 <=10.5.2)
com.typesafe.akka:akka-http-core2.12 MAVEN version =10.0.0-RC2, =0.3.0, =0.2.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.1-rc2 and more Source cves: CVE-2023-44487 Source advisory: OSV:GHSA-QPPJ-FM5R-HXR3...
ai.mantik:bridge-protocol_2.13 (>=0.4.0 <=0.4.0-rc1), ai.mantik:componently_2.13 (>=0.4.0 <=0.4.0-rc1) +858 more potentially affected by CVE-2023-44487 via com.typesafe.akka:akka-http-core_2.13 (>=10.1.8 <=10.5.2)
com.typesafe.akka:akka-http-core2.13 MAVEN version =10.1.8, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0-rc1 and more Source cves: CVE-2023-44487 Source advisory: OSV:GHSA-QPPJ-FM5R-HXR3...
ch.megard:akka-http-cors_2.12 (>=1.1.0 <=1.2.0), co.topl:akka-http-rpc_2.12 (>=1.4.2 <=1.7.0) +339 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.12 (>=10.2.0-M1 <=10.2.6)
com.typesafe.akka:akka-http-core2.12 MAVEN version =10.2.0-M1, =1.1.0, =1.4.2, =1.4.2, =1.4.2, =1.4.2, =0.7.0, =0.7.0, =0.7.1, =0.7.0, =0.18.1, =5.0.0, =0.5.0, =0.5.0, =0.10.3, =0.10.3, =1.0.18 and more Source cves: CVE-2021-42697 Source advisory: OSV:GHSA-3HW2-H67C-WQ66...
be.objectify:deadbolt-java_2.13 (=2.8.0), be.objectify:deadbolt-scala_2.13 (=2.8.0) +488 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13 (>=10.1.10 <=10.1.14)
com.typesafe.akka:akka-http-core2.13 MAVEN version =10.1.10, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.4.0, =0.4.0, =0.4.0, =0.5.1 and more Source cves: CVE-2021-42697 Source advisory: OSV:GHSA-3HW2-H67C-WQ66...
ai.mantik:bridge-protocol_2.13 (>=0.4.0 <=0.4.0-rc1), ai.mantik:componently_2.13 (>=0.4.0 <=0.4.0-rc1) +607 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13 (>=10.2.0-M1 <=10.2.6)
com.typesafe.akka:akka-http-core2.13 MAVEN version =10.2.0-M1, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0-rc1 and more Source cves: CVE-2021-42697 Source advisory: OSV:GHSA-3HW2-H67C-WQ66...
be.objectify:deadbolt-java_2.13.0-M5 (=2.7.0), be.objectify:deadbolt-scala_2.13.0-M5 (=2.7.0) +29 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13.0-M5 (>=10.1.7 <=10.1.8)
com.typesafe.akka:akka-http-core2.13.0-M5 MAVEN version =10.1.7, =0.3.4, =0.0.5, =2.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0-M3, =1.0-M3, =1.0-M3, =1.0-M3, =1.0.1, =1.0.2 and more Source cves: CVE-2021-42697 Source advis...
com.github.swagger-akka-http:swagger-akka-http_2.13.0-RC3 (=2.0.3), com.typesafe.akka:akka-http-caching_2.13.0-RC3 (=10.1.8) +13 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13.0-RC3 (=10.1.8)
com.typesafe.akka:akka-http-core2.13.0-RC3 MAVEN version =10.1.8 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-http-core2.13.0-RC3 and may be impacted: - com.github.swagger-akka-http:swagger-akka-http2.13.0-RC3 =2.0.3 -...
com.beachape:enumeratum-play_2.13.0-RC2 (=1.5.16), com.typesafe.akka:akka-http-caching_2.13.0-RC2 (=10.1.8) +6 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13.0-RC2 (=10.1.8)
com.typesafe.akka:akka-http-core2.13.0-RC2 MAVEN version =10.1.8 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-http-core2.13.0-RC2 and may be impacted: - com.beachape:enumeratum-play2.13.0-RC2 =1.5.16 -...
Lightbeed Akka Akka-http Environment Issue Vulnerability
Lightbeed Akka Akka-http is a toolkit from the Lightbeed community in China. It provides a more generalized toolkit for providing and using HTTP-based services. An environment issue vulnerability exists in com.typesafe.akka:akka-http-core that allows multiple Transfer-Encoding headers...
HTTP Request Smuggling
Overview com.typesafe.akka:akka-http-core is a full server- and client-side HTTP stack on top of akka-actor and akka-stream. Affected versions of this package are vulnerable to HTTP Request Smuggling. It allows multiple Transfer-Encoding headers. Remediation Upgrade com.typesafe.akka:akka-http-co...
HTTP Request Smuggling
Overview com.typesafe.akka:akka-http-core2.11 is a Scala implementation of the akka-http-core library which provides a streaming-first HTTP server and client. Affected versions of this package are vulnerable to HTTP Request Smuggling. It allows multiple Transfer-Encoding headers. Remediation...
HTTP Request Smuggling
Overview com.typesafe.akka:akka-http-core2.12 is a Scala implementation of the akka-http-core library which provides a streaming-first HTTP server and client. Affected versions of this package are vulnerable to HTTP Request Smuggling. It allows multiple Transfer-Encoding headers. Remediation...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0) +897 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.12 (>=10.0.0-RC2 <=10.1.13)
com.typesafe.akka:akka-http-core2.12 MAVEN version =10.0.0-RC2, =0.3.0, =0.3.1, =0.4.0, =2.6.0, =2.6.0, =0.3.0, =0.1.0, =0.6.0, =0.1.9, =1.0.0-RC1 - ch.wavein:wi-play-mongo2.12 =1.6 - cn.playscala:play-reactive-mongo2.12 =0.1.0 and more Source cves: CVE-2021-23339 Source advisory:...
be.objectify:deadbolt-java_2.13 (=2.8.0), be.objectify:deadbolt-scala_2.13 (=2.8.0) +470 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.13 (>=10.1.10 <=10.1.13)
com.typesafe.akka:akka-http-core2.13 MAVEN version =10.1.10, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.4.0, =0.4.0, =0.4.0, =0.5.1 and more Source cves: CVE-2021-23339 Source advisory: SNYK:JAVA-COMTYPESAFEAKKA-2315412...
biz.lobachev.annette:api-gateway-core_2.13 (=0.3.0), biz.lobachev.annette:application-api-gateway_2.13 (=0.3.0) +456 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.13 (>=10.2.0 <=10.2.3)
com.typesafe.akka:akka-http-core2.13 MAVEN version =10.2.0, =10.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-http-core2.13 and may be impacted: - biz.lobachev.annette:api-gateway-core2.13 =0.3.0 -...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0) +647 more potentially affected by CVE-2018-16131 via com.typesafe.akka:akka-http-core_2.12 (>=10.1.0 <=10.1.3)
com.typesafe.akka:akka-http-core2.12 MAVEN version =10.1.0, =0.3.0, =0.3.1, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.1-rc1 and more Source cves: CVE-2018-16131 Source advisory: OSV:GHSA-9QGC-P27W-3HJG...