Vulnerabilities > Lightbend
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-21 | CVE-2023-33251 | Unspecified vulnerability in Lightbend Akka Http When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946. | 5.5 |
2023-05-11 | CVE-2023-31442 | Unspecified vulnerability in Lightbend Akka Actor and Akka Discovery In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. | 7.5 |
2023-04-27 | CVE-2023-29471 | Cleartext Storage of Sensitive Information vulnerability in Lightbend Alpakka Kafka Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). | 5.5 |
2022-06-02 | CVE-2022-31023 | Unspecified vulnerability in Lightbend Play Framework Play Framework is a web framework for Java and Scala. | 7.5 |
2022-06-02 | CVE-2022-31018 | Unspecified vulnerability in Lightbend Play Framework Play Framework is a web framework for Java and Scala. | 7.5 |
2021-02-17 | CVE-2021-23339 | HTTP Request Smuggling vulnerability in Lightbend Akka-Http This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. | 6.5 |
2020-12-03 | CVE-2020-28923 | Unspecified vulnerability in Lightbend Play Framework An issue was discovered in Play Framework 2.8.0 through 2.8.4. | 2.7 |
2020-11-06 | CVE-2020-27196 | Out-of-bounds Write vulnerability in Lightbend Play Framework An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. | 7.5 |
2020-11-06 | CVE-2020-26883 | Uncontrolled Recursion vulnerability in Lightbend Play Framework In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. | 7.5 |
2020-11-06 | CVE-2020-26882 | Uncontrolled Recursion vulnerability in Lightbend Play Framework In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. | 7.5 |