2 matches found
CVE-2023-31442
In Lightbend Akka, the DNS resolver used by Discovery in DNS mode (and by Cluster Bootstrap) had predictable DNS transaction IDs in versions 2.5.14 through 2.8.0, making DNS responses susceptible to spoofing. This can enable data exfiltration if the application performing discovery does not valid...
CVE-2023-31442
In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...