CVE-2021-23339

This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:lightbend:akka-http:*:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:akka-http:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:51

Type Values Removed Values Added
CVSS v2 : 6.4
v3 : 6.5
v2 : 6.4
v3 : 5.0
References () https://github.com/akka/akka-http/pull/3754%23issuecomment-779265201 - Broken Link () https://github.com/akka/akka-http/pull/3754%23issuecomment-779265201 - Broken Link
References () https://snyk.io/vuln/SNYK-JAVA-COMTYPESAFEAKKA-1075043 - Broken Link () https://snyk.io/vuln/SNYK-JAVA-COMTYPESAFEAKKA-1075043 - Broken Link

Information

Published : 2021-02-17 08:15

Updated : 2024-11-21 05:51


NVD link : CVE-2021-23339

Mitre link : CVE-2021-23339

CVE.ORG link : CVE-2021-23339


JSON object : View

Products Affected

lightbend

  • akka-http
CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')