59 matches found
CVE-2023-29471
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials if plain cleartext login is configured. This occurs in akka.kafka.internal.KafkaConsumerActor...
EUVD-2018-0748
Malware in sbrugna...
EUVD-2018-0769
Malware in sbrugna...
EUVD-2018-0643
Malware in sbrugna...
EUVD-2022-2289
Malicious code in bioql PyPI...
EUVD-2023-35750
Malicious code in bioql PyPI...
EUVD-2023-1201
Malicious code in bioql PyPI...
com.ing.baker:bakery-interaction-k8s-interaction-manager_2.13 (>=3.6.2 <=5.0.0), com.ing.baker:bakery-state-k8s_2.13 (=3.5.0) +8 more potentially affected by CVE-2025-53393 via com.typesafe.akka:akka-cluster-metrics_2.13 (>=2.6.11 <=2.9.0-M2)
com.typesafe.akka:akka-cluster-metrics2.13 MAVEN version =2.6.11, =3.6.2, =3.5.0, =22.10.0, =0.1.6, =0.1.0-beta4, =2.9.1, =3.30.0, =3.31.0 Source cves: CVE-2025-53393 Source advisory: SNYK:JAVA-COMTYPESAFEAKKA-10567746...
CVE-2019-17598
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...
Security Bulletin: Multiple vulnerabilities in Lightbend Spray spray-json affect IBM Application Performance Management products.
Summary Lightbend Spray spray-json is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2018-18854 DESCRIPTION: Lightbend Spray spray-json is vulnerable to a denial of service, caused by an error during the parsing of many JSON object fields. By sending a...
CVE-2023-31442
In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...
Design/Logic Flaw
In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...
CVE-2023-31442
In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...
CVE-2023-31442
In Lightbend Akka, the DNS resolver used by Discovery in DNS mode (and by Cluster Bootstrap) had predictable DNS transaction IDs in versions 2.5.14 through 2.8.0, making DNS responses susceptible to spoofing. This can enable data exfiltration if the application performing discovery does not valid...
CVE-2023-31442
In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...
GHSA-55VQ-XPJF-R2XC Lightbend Alpakka Kafka logs credentials on debug level
Lightbend Alpakka Kafka before 4.0.2 logs its configuration as debug information, and thus log files may contain credentials if plain cleartext login is configured. This occurs in akka.kafka.internal.KafkaConsumerActor...
Lightbend Alpakka Kafka logs credentials on debug level
Lightbend Alpakka Kafka before 4.0.2 logs its configuration as debug information, and thus log files may contain credentials if plain cleartext login is configured. This occurs in akka.kafka.internal.KafkaConsumerActor...
CVE-2023-29471
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials if plain cleartext login is configured. This occurs in akka.kafka.internal.KafkaConsumerActor...
CVE-2023-29471
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials if plain cleartext login is configured. This occurs in akka.kafka.internal.KafkaConsumerActor...
Design/Logic Flaw
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials if plain cleartext login is configured. This occurs in akka.kafka.internal.KafkaConsumerActor...