com.typesafe.akka:akka-http-core@3.0.0-RC1 vulnerabilities
-
latest version
3.0.0-RC1
-
first published
8 years ago
-
latest version published
8 years ago
-
licenses detected
- [3.0.0-RC1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.typesafe.akka:akka-http-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
com.typesafe.akka:akka-http-core is a full server- and client-side HTTP stack on top of akka-actor and akka-stream. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release which can encounter stack exhaustion while parsing HTTP headers. It allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. How to fix Improper Resource Shutdown or Release? Upgrade |
[10.2.0-M1,10.2.7)
[,10.1.15)
|
com.typesafe.akka:akka-http-core is a full server- and client-side HTTP stack on top of akka-actor and akka-stream. Affected versions of this package are vulnerable to HTTP Request Smuggling. It allows multiple How to fix HTTP Request Smuggling? Upgrade |
[10.2.0,10.2.4)
[,10.1.14)
|
com.typesafe.akka:akka-http-core is a full server- and client-side HTTP stack on top of akka-actor and akka-stream. Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker may sent a request that contains an How to fix Denial of Service (DoS)? Upgrade |
[,10.0.6)
|