GHSA-3hw2-h67c-wq66
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3hw2-h67c-wq66
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3hw2-h67c-wq66/GHSA-3hw2-h67c-wq66.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3hw2-h67c-wq66
- Aliases
- Published
- 2022-05-24T19:19:40Z
- Modified
- 2025-09-30T18:16:55.386086Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Uncontrolled Recursion in Akka HTTP
- Details
-
Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.
- Database specific
{ "github_reviewed_at": "2022-06-21T20:08:40Z", "github_reviewed": true, "severity": "HIGH", "nvd_published_at": "2021-11-02T22:15:00Z", "cwe_ids": [ "CWE-674", "CWE-787" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-42697
- https://github.com/akka/akka-http/pull/3924
- https://akka.io/blog
- https://akka.io/blog/news/2021/11/02/akka-http-10.2.7-released
- https://akka.io/blog/news/2021/11/22/akka-http-10.1.15-released
- https://doc.akka.io/docs/akka-http/current/security/2021-CVE-2021-42697-stack-overflow-parsing-user-agent.html
- https://github.com/akka/akka-http
- http://packetstormsecurity.com/files/167018/Akka-HTTP-10.1.14-Denial-Of-Service.html
Affected packages
Maven
com.typesafe.akka:akka-http-core_2.13.0-RC3
Package
- Name
- com.typesafe.akka:akka-http-core_2.13.0-RC3
- View open source insights on deps.dev
- Purl
- pkg:maven/com.typesafe.akka/akka-http-core_2.13.0-RC3
com.typesafe.akka:akka-http-core_2.13.0-RC2
Package
- Name
- com.typesafe.akka:akka-http-core_2.13.0-RC2
- View open source insights on deps.dev
- Purl
- pkg:maven/com.typesafe.akka/akka-http-core_2.13.0-RC2
com.typesafe.akka:akka-http-core_2.13.0-M5
Package
- Name
- com.typesafe.akka:akka-http-core_2.13.0-M5
- View open source insights on deps.dev
- Purl
- pkg:maven/com.typesafe.akka/akka-http-core_2.13.0-M5
com.typesafe.akka:aakka-http-core_2.13.0-M3
Package
- Name
- com.typesafe.akka:aakka-http-core_2.13.0-M3
- View open source insights on deps.dev
- Purl
- pkg:maven/com.typesafe.akka/aakka-http-core_2.13.0-M3
com.typesafe.akka:akka-http-core_2.13
Package
- Name
- com.typesafe.akka:akka-http-core_2.13
- View open source insights on deps.dev
- Purl
- pkg:maven/com.typesafe.akka/akka-http-core_2.13
com.typesafe.akka:akka-http-core_2.13
Package
- Name
- com.typesafe.akka:akka-http-core_2.13
- View open source insights on deps.dev
- Purl
- pkg:maven/com.typesafe.akka/akka-http-core_2.13
com.typesafe.akka:akka-http-core_2.12
Package
- Name
- com.typesafe.akka:akka-http-core_2.12
- View open source insights on deps.dev
- Purl
- pkg:maven/com.typesafe.akka/akka-http-core_2.12
com.typesafe.akka:akka-http-core_2.12
Package
- Name
- com.typesafe.akka:akka-http-core_2.12
- View open source insights on deps.dev
- Purl
- pkg:maven/com.typesafe.akka/akka-http-core_2.12
com.typesafe.akka:akka-http-core_2.11
Package
- Name
- com.typesafe.akka:akka-http-core_2.11
- View open source insights on deps.dev
- Purl
- pkg:maven/com.typesafe.akka/akka-http-core_2.11