com.typesafe.akka:akka-http-core_2.11@2.4.10 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.typesafe.akka:akka-http-core_2.11 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • HTTP Request Smuggling (severity: M)

com.typesafe.akka:akka-http-core_2.11 is a Scala implementation of the akka-http-core library which provides a streaming-first HTTP server and client.

Affected versions of this package are vulnerable to HTTP Request Smuggling because they accept messages that contain multiple Transfer-Encoding headers.

How to fix HTTP Request Smuggling?

Upgrade com.typesafe.akka:akka-http-core_2.11 to version 10.2.4, 10.1.14 or higher.

Vulnerable versions: [10.2.0,10.2.4) [,10.1.14)
  • Denial of Service (DoS) (severity: H)

com.typesafe.akka:akka-http-core_2.11 modules implement a full server and client-side HTTP stack on top of akka-actor and akka-stream.

Affected versions of the package are vulnerable to Denial of Service (DoS). An attacker may send a request that contains an Accept header with an unsupported media range beginning with a wildcard. This causes a stack overflow during negotiation of the content type. Stack overflows are normally treated as fatal errors, so the JVM process shuts itself down immediately.

How to fix Denial of Service (DoS)?

Upgrade akka-http-core_2.11 to version 10.0.6 or higher.

Vulnerable versions: [,10.0.6)