Unrated severityNVD Advisory· Published May 21, 2023· Updated Jan 31, 2025

CVE-2023-33251

Description

When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946.

Affected products

Akka/Akka HTTPdescription
Hyperium/HTTPllm-fuzzy
Range: <10.5.2

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

akka.io/security/akka-http-cve-2023-05-15.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000