Vulnerabilities > Lightbend

DATE CVE VULNERABILITY TITLE RISK
2023-05-21 CVE-2023-33251 Unspecified vulnerability in Lightbend Akka Http
When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946.
local
low complexity
lightbend
5.5
2023-05-11 CVE-2023-31442 Unspecified vulnerability in Lightbend Akka Actor and Akka Discovery
In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker.
network
low complexity
lightbend
7.5
2023-04-27 CVE-2023-29471 Cleartext Storage of Sensitive Information vulnerability in Lightbend Alpakka Kafka
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured).
local
low complexity
lightbend CWE-312
5.5
2022-06-02 CVE-2022-31023 Unspecified vulnerability in Lightbend Play Framework
Play Framework is a web framework for Java and Scala.
network
low complexity
lightbend
7.5
2022-06-02 CVE-2022-31018 Unspecified vulnerability in Lightbend Play Framework
Play Framework is a web framework for Java and Scala.
network
low complexity
lightbend
7.5
2021-02-17 CVE-2021-23339 HTTP Request Smuggling vulnerability in Lightbend Akka-Http
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core.
network
low complexity
lightbend CWE-444
6.5
2020-12-03 CVE-2020-28923 Unspecified vulnerability in Lightbend Play Framework
An issue was discovered in Play Framework 2.8.0 through 2.8.4.
network
low complexity
lightbend
2.7
2020-11-06 CVE-2020-27196 Out-of-bounds Write vulnerability in Lightbend Play Framework
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2.
network
low complexity
lightbend CWE-787
7.5
2020-11-06 CVE-2020-26883 Uncontrolled Recursion vulnerability in Lightbend Play Framework
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.
network
low complexity
lightbend CWE-674
7.5
2020-11-06 CVE-2020-26882 Uncontrolled Recursion vulnerability in Lightbend Play Framework
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.
network
low complexity
lightbend CWE-674
7.5