CVE-2021-42697 (High) detected in akka-http-core_2.12-10.2.6.jar #185
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-42697 - High Severity Vulnerability
Akka Http: Modern, fast, asynchronous, streaming-first HTTP server and client.
Library home page: https://akka.io
Path to vulnerable library: /home/wss-scanner/.ivy2/cache/com.typesafe.akka/akka-http-core_2.12/jars/akka-http-core_2.12-10.2.6.jar
Dependency Hierarchy:
Found in HEAD commit: 7d1407f1f418319c237e85d6192ff68235350b0b
Found in base branch: master
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.
Publish Date: 2021-11-02
URL: CVE-2021-42697
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://doc.akka.io/docs/akka-http/current/security/2021-CVE-2021-42697-stack-overflow-parsing-user-agent.html
Release Date: 2021-11-02
Fix Resolution: com.typesafe.akka:akka-http-core_2.13:10.2.7
The text was updated successfully, but these errors were encountered: