Vulnerabilities > Lightbend > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-11 | CVE-2023-31442 | Unspecified vulnerability in Lightbend Akka Actor and Akka Discovery In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. | 7.5 |
| 2022-06-02 | CVE-2022-31023 | Unspecified vulnerability in Lightbend Play Framework Play Framework is a web framework for Java and Scala. | 7.5 |
| 2022-06-02 | CVE-2022-31018 | Unspecified vulnerability in Lightbend Play Framework Play Framework is a web framework for Java and Scala. | 7.5 |
| 2020-11-06 | CVE-2020-27196 | Out-of-bounds Write vulnerability in Lightbend Play Framework An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. | 7.5 |
| 2020-11-06 | CVE-2020-26883 | Uncontrolled Recursion vulnerability in Lightbend Play Framework In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. | 7.5 |
| 2020-11-06 | CVE-2020-26882 | Uncontrolled Recursion vulnerability in Lightbend Play Framework In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. | 7.5 |
| 2019-11-05 | CVE-2019-17598 | Inadequate Encryption Strength vulnerability in Lightbend Play Framework An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. | 7.5 |
| 2018-10-31 | CVE-2018-18854 | Resource Exhaustion vulnerability in Lightbend Spray-Json Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code). | 7.5 |
| 2018-10-31 | CVE-2018-18853 | Resource Exhaustion vulnerability in Lightbend Spray-Json Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits. | 7.5 |
| 2018-08-30 | CVE-2018-16131 | Resource Exhaustion vulnerability in Lightbend Akka Http The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb. | 7.5 |