Lightbend Akka Http vulnerabilities
2 known vulnerabilities affecting lightbend/akka_http.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2023-33251 | MEDIUM | CVSS 5.5 | fixed in 10.5.2 | 2023-05-21
When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946.
nvd
CVE-2018-16131 | HIGH | CVSS 7.5 | CWE-400 | ≥ 10.0.0, ≤ 10.0.13; ≥ 10.1.0, ≤ 10.1.4 | 2018-08-30
The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb.
nvd