Vulnerabilities > Lightbend > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-21 | CVE-2023-33251 | Unspecified vulnerability in Lightbend Akka Http When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946. | 5.5 |
| 2023-04-27 | CVE-2023-29471 | Cleartext Storage of Sensitive Information vulnerability in Lightbend Alpakka Kafka Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). | 5.5 |
| 2021-02-17 | CVE-2021-23339 | HTTP Request Smuggling vulnerability in Lightbend Akka-Http This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. | 6.5 |
| 2020-08-17 | CVE-2020-12480 | Cross-Site Request Forgery (CSRF) vulnerability in Lightbend Play Framework In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed. | 6.5 |