GHSA-3hw2-h67c-wq66

Suggest an improvement
Source
https://github.com/advisories/GHSA-3hw2-h67c-wq66
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3hw2-h67c-wq66/GHSA-3hw2-h67c-wq66.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-3hw2-h67c-wq66
Aliases
Published
2022-05-24T19:19:40Z
Modified
2023-11-08T04:07:07.378562Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Uncontrolled Recursion in Akka HTTP
Details

Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.

References

Affected packages

Maven / com.typesafe.akka:akka-http

Package

Name
com.typesafe.akka:akka-http
View open source insights on deps.dev
Purl
pkg:maven/com.typesafe.akka/akka-http

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10.1.0
Fixed
10.2.7

Database specific

{
    "last_known_affected_version_range": "<= 10.2.6"
}