Moderate severity · NVD Advisory · Published Feb 17, 2021 · Updated Sep 16, 2024
HTTP Request Smuggling
CVE-2021-23339
Description
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.typesafe.akka:akka-http-core (Maven) | >= 10.2.0, < 10.2.4 | 10.2.4 |
| com.typesafe.akka:akka-http-core (Maven) | < 10.1.14 | 10.1.14 |
Affected products
- com.typesafe.akka/akka-http-core (description)
References
- github.com/advisories/GHSA-2w7w-2j92-44hx (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-23339 (ghsa, ADVISORY)
- doc.akka.io/docs/akka-http/10.1/security/2021-02-24-incorrect-handling-of-Transfer-Encoding-header.html (ghsa, WEB)
- github.com/akka/akka-http/commit/e3a4935151c91cee28e65e6b894dd50839ef9d34 (ghsa, WEB)
- github.com/akka/akka-http/pull/3754%23issuecomment-779265201 (ghsa, x_refsource_MISC, WEB)
- snyk.io/vuln/SNYK-JAVA-COMTYPESAFEAKKA-1075043 (ghsa, x_refsource_MISC, WEB)