Vulnerabilities > Lightbend > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-11 | CVE-2023-31442 | Unspecified vulnerability in Lightbend Akka Actor and Akka Discovery In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. | 7.5 |
| 2018-08-30 | CVE-2018-16131 | Resource Exhaustion vulnerability in Lightbend Akka Http The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb. | 7.5 |
| 2017-10-18 | CVE-2015-2156 | Improper Input Validation vulnerability in multiple products Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters. | 7.5 |