com.typesafe.akka:akka-http-core_2.12 (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package com.typesafe.akka:akka-http-core_2.12, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2017-1000118 — CVSS 7.5 (high): Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service
CVE-2018-16131 — CVSS 7.5 (high): The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote…
CVE-2021-42697 — CVSS 7.5 (high): Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote…