Maven package
com.typesafe.akka/aakka-http-core_2.13.0-M3
pkg:maven/com.typesafe.akka/aakka-http-core_2.13.0-M3
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-42697 | — | >= 10.1.0 | — | Nov 2, 2021 | Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. |
- CVE-2021-42697Nov 2, 2021affected >= 10.1.0
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.