com.typesafe.akka:akka-http-core_2.12@10.2.1 vulnerabilities
-
latest version
10.5.3
-
latest non vulnerable version
-
first published
7 years ago
-
latest version published
7 months ago
-
licenses detected
- [10.0.6+7-e2ba6752,10.4.0-M1)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.typesafe.akka:akka-http-core_2.12 package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
com.typesafe.akka:akka-http-core_2.12 is a Scala implementation of the akka-http-core library which provides a streaming-first HTTP server and client. Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation. How to fix Denial of Service (DoS)? Upgrade |
[,10.5.3)
|
com.typesafe.akka:akka-http-core_2.12 is a Scala implementation of the akka-http-core library which provides a streaming-first HTTP server and client. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release which can encounter stack exhaustion while parsing HTTP headers. It allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. How to fix Improper Resource Shutdown or Release? Upgrade |
[10.2.0-M1,10.2.7)
[,10.1.15)
|
com.typesafe.akka:akka-http-core_2.12 is a Scala implementation of the akka-http-core library which provides a streaming-first HTTP server and client. Affected versions of this package are vulnerable to HTTP Request Smuggling. It allows multiple How to fix HTTP Request Smuggling? Upgrade |
[10.2.0,10.2.4)
[,10.1.14)
|