org.http4s:blaze-core_2.13@0.14.11 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.http4s:blaze-core_2.13 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Denial of Service (DoS) (severity: High)

Affected versions of this package are vulnerable to Denial of Service (DoS). All servers running affected versions of blaze-core are affected. Blaze accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains OS resources.

A workaround is to place a reverse proxy that enforces connection limiting in front of the blaze-core instance, so that excess connections never reach it.

How to fix Denial of Service (DoS)?

Upgrade org.http4s:blaze-core_2.13 to version 0.14.15 or higher.

Vulnerable versions: [,0.14.15)