Vulnerabilities > Lightbend > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-21 | CVE-2023-33251 | Unspecified vulnerability in Lightbend Akka Http When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946. | 5.5 |
| 2023-04-27 | CVE-2023-29471 | Cleartext Storage of Sensitive Information vulnerability in Lightbend Alpakka Kafka Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). | 5.5 |
| 2022-06-02 | CVE-2022-31023 | Information Exposure Through an Error Message vulnerability in Lightbend Play Framework Play Framework is a web framework for Java and Scala. | 5.0 |
| 2022-06-02 | CVE-2022-31018 | Resource Exhaustion vulnerability in Lightbend Play Framework Play Framework is a web framework for Java and Scala. | 5.0 |
| 2021-02-17 | CVE-2021-23339 | HTTP Request Smuggling vulnerability in Lightbend Akka-Http This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. | 6.4 |
| 2020-12-03 | CVE-2020-28923 | Unspecified vulnerability in Lightbend Play Framework An issue was discovered in Play Framework 2.8.0 through 2.8.4. | 4.0 |
| 2020-11-06 | CVE-2020-27196 | Out-of-bounds Write vulnerability in Lightbend Play Framework An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. | 5.0 |
| 2020-11-06 | CVE-2020-26883 | Uncontrolled Recursion vulnerability in Lightbend Play Framework In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. | 5.0 |
| 2020-11-06 | CVE-2020-26882 | Uncontrolled Recursion vulnerability in Lightbend Play Framework In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. | 5.0 |
| 2020-08-17 | CVE-2020-12480 | Cross-Site Request Forgery (CSRF) vulnerability in Lightbend Play Framework In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed. | 4.3 |