GHSA-2w7w-2j92-44hx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2w7w-2j92-44hx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-2w7w-2j92-44hx/GHSA-2w7w-2j92-44hx.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2w7w-2j92-44hx
- Aliases
- Published
- 2021-05-10T15:17:09Z
- Modified
- 2024-09-03T04:41:57.758778Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- HTTP Request Smuggling in akka-http-core
- Details
-
A vulnerable Akka HTTP server will accept a malformed message and hand it over to the user. If the user application proxies this message to another server unchanged and that server also accepts that message but interprets it as two HTTP messages, the second message has reached the second server without having been inspected by the proxy.
- Database specific
{ "nvd_published_at": "2021-02-17T08:15:00Z", "github_reviewed_at": "2021-03-19T22:36:01Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-444" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-23339
- https://github.com/akka/akka-http/pull/3754%23issuecomment-779265201
- https://github.com/akka/akka-http/commit/e3a4935151c91cee28e65e6b894dd50839ef9d34
- https://doc.akka.io/docs/akka-http/10.1/security/2021-02-24-incorrect-handling-of-Transfer-Encoding-header.html
- https://snyk.io/vuln/SNYK-JAVA-COMTYPESAFEAKKA-1075043
Affected packages
Maven / com.typesafe.akka:akka-http-core
Package
- Name
- com.typesafe.akka:akka-http-core
- View open source insights on deps.dev
- Purl
- pkg:maven/com.typesafe.akka/akka-http-core
Maven / com.typesafe.akka:akka-http-core
Package
- Name
- com.typesafe.akka:akka-http-core
- View open source insights on deps.dev
- Purl
- pkg:maven/com.typesafe.akka/akka-http-core