akka/akka-http

akka/akka-http

Releases82

Frequency1 month 1 week

Last Release 3 months ago

Stars1.35K

The Streaming-first HTTP server/module of Akka

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-44487 ↗	Oct 10, 2023Tuesday, 10 October 2023, 14:15	7.5 HIGH	—
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-23339 ↗	Feb 17, 2021Wednesday, 17 February 2021, 08:15	5 MEDIUM	6.4 MEDIUM
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.
CVE-2018-16131 ↗	Aug 30, 2018Thursday, 30 August 2018, 13:29	—	7.8 HIGH
The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb.