Known Vulnerabilities for products from Lightbend
Listed below are 19 of the newest known vulnerabilities associated with the vendor "Lightbend".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-33251 json | When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it... | 5.5 - MEDIUM | 2023-05-21 | 2023-05-30 |
| CVE-2023-31442 json | In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) ... | 7.5 - HIGH | 2023-05-11 | 2023-05-22 |
| CVE-2023-29471 json | Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials ... | 5.5 - MEDIUM | 2023-04-27 | 2023-05-05 |
| CVE-2022-31023 json | Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages ... | 7.5 - HIGH | 2022-06-02 | 2022-06-11 |
| CVE-2022-31018 json | Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 ... | 7.5 - HIGH | 2022-06-02 | 2022-06-13 |
| CVE-2021-23339 json | This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows mul... | 6.5 - MEDIUM | 2021-02-17 | 2021-03-11 |
| CVE-2020-28923 json | An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to D... | 2.7 - LOW | 2020-12-03 | 2020-12-07 |
| CVE-2020-27196 json | An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a... | 7.5 - HIGH | 2020-11-06 | 2020-11-13 |
| CVE-2020-26883 json | In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted J... | 7.5 - HIGH | 2020-11-06 | 2020-11-10 |
| CVE-2020-26882 json | In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON inpu... | 7.5 - HIGH | 2020-11-06 | 2020-11-10 |
| CVE-2020-12480 json | In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that... | 6.5 - MEDIUM | 2020-08-17 | 2020-08-24 |
| CVE-2019-17598 json | An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authentic... | 7.5 - HIGH | 2019-11-05 | 2020-08-24 |
| CVE-2018-18854 json | Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because ... | 7.5 - HIGH | 2018-10-31 | 2018-12-12 |
| CVE-2018-18853 json | Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because ... | 7.5 - HIGH | 2018-10-31 | 2018-12-12 |
| CVE-2018-16131 json | The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 al... | 7.5 - HIGH | 2018-08-30 | 2023-11-07 |
| CVE-2018-16115 json | Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number genera... | 9.1 - CRITICAL | 2018-08-29 | 2018-11-08 |
| CVE-2018-13864 json | A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in... | 7.5 - HIGH | 2018-07-17 | 2019-11-25 |
| CVE-2015-2156 json | Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framew... | Not Provided | 2017-10-18 | 2025-04-20 |
| CVE-2014-3630 json | XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 ... | Not Provided | 2017-12-29 | 2025-04-20 |
Known software with vulnerabilities from Lightbend
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Lightbend | Akka | 2.5.0 |
| Application | Lightbend | Akka-http | - |
| Application | Lightbend | Akka Http | 10.0.0 |
| Application | Lightbend | Play Framework | 2.0 |
| Application | Lightbend | Spray-json | 0.5.0 |