Known Vulnerabilities for products from Lightbend
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Lightbend".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-23339 | This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows mul... | 6.5 - MEDIUM | 2021-02-17 | 2021-03-11 |
| CVE-2020-28923 | An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to D... | 2.7 - LOW | 2020-12-03 | 2020-12-07 |
| CVE-2020-27196 | An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a... | 7.5 - HIGH | 2020-11-06 | 2020-11-13 |
| CVE-2020-26883 | In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted J... | 7.5 - HIGH | 2020-11-06 | 2020-11-10 |
| CVE-2020-26882 | In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON inpu... | 7.5 - HIGH | 2020-11-06 | 2020-11-10 |
| CVE-2020-12480 | In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that... | 6.5 - MEDIUM | 2020-08-17 | 2020-08-24 |
| CVE-2019-17598 | An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authentic... | 7.5 - HIGH | 2019-11-05 | 2020-08-24 |
| CVE-2018-18854 | Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because ... | 7.5 - HIGH | 2018-10-31 | 2018-12-12 |
| CVE-2018-18853 | Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because ... | 7.5 - HIGH | 2018-10-31 | 2018-12-12 |
| CVE-2018-16131 | The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 al... | 7.5 - HIGH | 2018-08-30 | 2023-11-07 |
| CVE-2018-16115 | Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number genera... | 9.1 - CRITICAL | 2018-08-29 | 2018-11-08 |
| CVE-2018-13864 | A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in... | 7.5 - HIGH | 2018-07-17 | 2019-11-25 |
| CVE-2015-2156 | Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framew... | 7.5 - HIGH | 2017-10-18 | 2023-11-07 |
| CVE-2014-3630 | XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 ... | 9.8 - CRITICAL | 2017-12-29 | 2023-11-07 |
Known software with vulnerabilities from Lightbend
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Lightbend | Akka | 2.5.0 |
| Application | Lightbend | Akka Http | 10.0.0 |
| Application | Lightbend | Akka-http | - |
| Application | Lightbend | Play Framework | 2.0 |
| Application | Lightbend | Spray-json | 0.5.0 |