VYPR

Maven package

com.typesafe.akka/akka-http-core

pkg:maven/com.typesafe.akka/akka-http-core

Vulnerabilities (2)

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 10.5.3fixed 10.5.3

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2021-23339Feb 17, 2021
    affected >= 10.2.0, < 10.2.4fixed 10.2.4

    This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.