Maven package
com.typesafe.akka/akka-http-core_2.12
pkg:maven/com.typesafe.akka/akka-http-core_2.12
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | High | 7.5 | KEV | < 10.5.3 | 10.5.3 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2021-42697 | — | | | >= 10.1.0, < 10.1.15 | 10.1.15 | Nov 2, 2021 | Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. |
| CVE-2018-16131 | — | | | >= 10.1.0, < 10.1.4 | 10.1.4 | Aug 30, 2018 | The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb. |
| CVE-2017-1000118 | High | 7.5 | | < 10.0.6 | 10.0.6 | Oct 5, 2017 | Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service |