4 matches found
com.lightbend.akka.management:akka-management-cluster-bootstrap_3 (>=1.3.0 <=1.4.1), com.lightbend.akka.management:akka-management-cluster-http_3 (>=1.3.0 <=1.4.1) +2 more potentially affected by CVE-2025-46548 via com.lightbend.akka.management:akka-management_3 (>=1.3.0 <=1.4.1)
com.lightbend.akka.management:akka-management3 MAVEN version =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.4.1 Source cves: CVE-2025-46548 Source advisory: OSV:GHSA-9QVJ-RPJ8-V5C8...
org.apache.pekko:pekko-management-cluster-bootstrap_2.12 (>=1.0.0 <=1.1.0-M1), org.apache.pekko:pekko-management-cluster-http_2.12 (>=1.0.0 <=1.1.0-M1) +2 more potentially affected by CVE-2025-46548 via org.apache.pekko:pekko-management_2.12 (>=1.0.0 <=1.1.0)
org.apache.pekko:pekko-management2.12 MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.0-M1 Source cves: CVE-2025-46548 Source advisory: OSV:GHSA-9QVJ-RPJ8-V5C8...
org.apache.pekko:pekko-management-cluster-bootstrap_3 (>=1.0.0 <=1.1.0-M1), org.apache.pekko:pekko-management-cluster-http_3 (>=1.0.0 <=1.1.0-M1) +2 more potentially affected by CVE-2025-46548 via org.apache.pekko:pekko-management_3 (>=1.0.0 <=1.1.0)
org.apache.pekko:pekko-management3 MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.0-M1 Source cves: CVE-2025-46548 Source advisory: OSV:GHSA-9QVJ-RPJ8-V5C8...
CVE-2023-31442
In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...