Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2021-23339
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.
| Software | From | Fixed in |
|---|---|---|
| lightbend / akka-http | - | 10.1.14 |
| lightbend / akka-http | 10.2.0 | 10.2.4 |
com.typesafe.akka / akka-http-core
|
10.2.0 | 10.2.4 |
|
com.typesafe.akka / akka-http-core
|
- | 10.1.14 |
- https://doc.akka.io/docs/akka-http/10.1/security/2021-02-24-incorrect-handling-of-Transfer-Encoding-header.html
- https://github.com/akka/akka-http/commit/e3a4935151c91cee28e65e6b894dd50839ef9d34
- https://github.com/akka/akka-http/pull/3754%23issuecomment-779265201
- https://snyk.io/vuln/SNYK-JAVA-COMTYPESAFEAKKA-1075043