11 matches found
CVE-2021-42697
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...
com.github.swagger-akka-http:swagger-akka-http_2.13.0-RC3 (=2.0.3), com.typesafe.akka:akka-http-caching_2.13.0-RC3 (=10.1.8) +13 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13.0-RC3 (=10.1.8)
com.typesafe.akka:akka-http-core2.13.0-RC3 MAVEN version =10.1.8 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-http-core2.13.0-RC3 and may be impacted: - com.github.swagger-akka-http:swagger-akka-http2.13.0-RC3 =2.0.3 -...
ai.mantik:bridge-protocol_2.13 (>=0.4.0 <=0.4.0-rc1), ai.mantik:componently_2.13 (>=0.4.0 <=0.4.0-rc1) +607 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13 (>=10.2.0-M1 <=10.2.6)
com.typesafe.akka:akka-http-core2.13 MAVEN version =10.2.0-M1, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0-rc1 and more Source cves: CVE-2021-42697 Source advisory: OSV:GHSA-3HW2-H67C-WQ66...
be.objectify:deadbolt-java_2.13 (=2.8.0), be.objectify:deadbolt-scala_2.13 (=2.8.0) +488 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.13 (>=10.1.10 <=10.1.14)
com.typesafe.akka:akka-http-core2.13 MAVEN version =10.1.10, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.4.0, =0.4.0, =0.4.0, =0.5.1 and more Source cves: CVE-2021-42697 Source advisory: OSV:GHSA-3HW2-H67C-WQ66...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0) +599 more potentially affected by CVE-2021-42697 via com.typesafe.akka:akka-http-core_2.12 (>=10.1.0 <=10.1.14)
com.typesafe.akka:akka-http-core2.12 MAVEN version =10.1.0, =0.3.0, =0.3.1, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.1-rc1 and more Source cves: CVE-2021-42697 Source advisory: OSV:GHSA-3HW2-H67C-WQ66...
Akka HTTP 10.1.14 - Denial of Service Exploit
Exploit Title: Akka HTTP Denial of Service via Nested Header Comments Exploit Author: cxosmo Vendor Homepage: https://akka.io Software Link: https://github.com/akka/akka-http Version: Akka HTTP 10.1.x 10.1.15 & 10.2.x 10.2.7 Tested on: Akka HTTP 10.2.4, Ubuntu CVE : CVE-2021-42697 import argparse...
Akka HTTP 10.1.14 - Denial of Service
Exploit Title: Akka HTTP Denial of Service via Nested Header Comments Date: 18/4/2022 Exploit Author: cxosmo Vendor Homepage: https://akka.io Software Link: https://github.com/akka/akka-http Version: Akka HTTP 10.1.x 10.1.15 & 10.2.x 10.2.7 Tested on: Akka HTTP 10.2.4, Ubuntu CVE : CVE-2021-42697...
Akka HTTP 10.1.14 Denial Of Service
Exploit Title: Akka HTTP Denial of Service via Nested Header Comments Date: 18/4/2022 Exploit Author: cxosmo Vendor Homepage: https://akka.io Software Link: https://github.com/akka/akka-http Version: Akka HTTP 10.1.x 10.1.15 & 10.2.x 10.2.7 Tested on: Akka HTTP 10.2.4, Ubuntu CVE : CVE-2021-42697...
Exploit for Uncontrolled Recursion in Akka Http_Server
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can enc...
CVE-2021-42697
creationtimestamp| type| source ---|---|--- 2021-11-03 01:23:11+00:00| seen| https://t.me/cibsecurity/31672...
CVE-2021-42697
CVE-2021-42697 affects Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7, where parsing HTTP headers can stack-exhaust and enable a remote DoS via a User-Agent header containing deeply nested comments. Root cause: stack overflow during header parsing. Public advisories (GHSA/OSV) and explo...