Akka Http Server vulnerabilities
3 known vulnerabilities affecting akka/http_server.
Total CVEs: 3
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 1
Severity breakdown: HIGH 3
Vulnerabilities
CVE-2023-44487 | HIGH | CVSS 7.5 | CWE-400 | KEV | PoC | fixed in 10.5.3 | 2023-10-10
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
nvd
CVE-2021-42697 | HIGH | CVSS 7.5 | CWE-674 | PoC | affected: ≥ 10.1.0, < 10.1.15; ≥ 10.2.0, < 10.2.7 | 2021-11-02
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.
nvd
CVE-2017-1000118 | HIGH | CVSS 7.5 | CWE-119 | affected: ≤ 10.0.5 | 2017-10-05
In Akka HTTP versions <= 10.0.5, an illegal media range in the Accept header causes a StackOverflowError, leading to denial of service.
nvd