8 matches found
CVE-2021-21293
blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unconditionally on a...
io.github.jmcardon:tsec-http4s_2.13.0-M5 (>=0.1.0 <=0.1.0-M4), org.http4s:http4s-blaze-server_2.13.0-M5 (>=0.20.0 <=0.20.10) +3 more potentially affected by CVE-2021-41084 via org.http4s:http4s-server_2.13.0-M5 (>=0.20.0-RC1 <=0.20.9)
org.http4s:http4s-server2.13.0-M5 MAVEN version =0.20.0-RC1, =0.1.0, =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.20.10 Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
com.avast:sst-app-monix_3 (>=0.17.0 <=0.19.3), com.avast:sst-app-zio_3 (>=0.17.0 <=0.19.3) +23 more potentially affected by CVE-2021-41084 via org.http4s:http4s-server_3 (>=0.22.0 <=0.22.4)
org.http4s:http4s-server3 MAVEN version =0.22.0, =0.17.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.16.0, =0.17.0, =0.17.0, =0.16.0, =0.16.0, =0.18.1, =0.22.0, =0.22.0, =0.22.15 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
Design/Logic Flaw
blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unconditionally on a...
GHSA-XMW9-Q7X9-J5QC Unbounded connection acceptance leads to file handle exhaustion
Impact All servers running blaze-core = 0.14.14, including blaze-http and http4s-blaze-server users, are affected. Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request...
Unbounded connection acceptance leads to file handle exhaustion
Impact All servers running blaze-core = 0.14.14, including blaze-http and http4s-blaze-server users, are affected. Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request...
CVE-2021-21293 Unbounded connection acceptance leads to file handle exhaustion
blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unconditionally on a...
PT-2021-14395 · Unknown +1 · Blaze-Core +5
Name of the Vulnerable Software and Affected Versions: blaze-core versions prior to 0.14.15 http4s-blaze-server versions prior to 0.21.17 Description: The issue is caused by unbounded connection acceptance in blaze-core, leading to file handle exhaustion. This can amplify degradation in services...