Open mend-for-github-com[bot] opened 3 years ago
akka-http-core
Library home page: https://akka.io
Path to vulnerable library: /home/wss-scanner/.ivy2/cache/com.typesafe.akka/akka-http-core_2.11/jars/akka-http-core_2.11-10.0.15.jar
Dependency Hierarchy: - play-akka-http-server_2.11-2.6.25.jar (Root Library) - :x: **akka-http-core_2.11-10.0.15.jar** (Vulnerable Library)
Found in HEAD commit: d5a0ed9bff63893a5435e09333d22846f6bb3acc
Found in base branch: master
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.
Publish Date: 2021-02-17
URL: CVE-2021-23339
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
CVE-2021-23339 - Medium Severity Vulnerability
Vulnerable Library - akka-http-core_2.11-10.0.15.jar
akka-http-core
Library home page: https://akka.io
Path to vulnerable library: /home/wss-scanner/.ivy2/cache/com.typesafe.akka/akka-http-core_2.11/jars/akka-http-core_2.11-10.0.15.jar
Dependency Hierarchy: - play-akka-http-server_2.11-2.6.25.jar (Root Library) - :x: **akka-http-core_2.11-10.0.15.jar** (Vulnerable Library)
Found in HEAD commit: d5a0ed9bff63893a5435e09333d22846f6bb3acc
Found in base branch: master
Vulnerability Details
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.
Publish Date: 2021-02-17
URL: CVE-2021-23339
CVSS 3 Score Details (6.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.