akka/akka-http
Releases82
Frequency1 month 1 week
Last Release
Stars1.35K
The Streaming-first HTTP server/module of Akka
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| — | 7.5 HIGH | — | ||
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | ||||
| < 10.1.14, >= 10.2.0, < 10.2.4 | 5 MEDIUM | 6.4 MEDIUM | ||
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers. | ||||
| >= 10.0.0, <= 10.0.13, >= 10.1.0, <= 10.1.4 | — | 7.8 HIGH | ||
The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb. | ||||