Vulnerability Details CVE-2021-23339
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.8%
CVSS Severity
CVSS v3 Score 5.0
CVSS v2 Score 6.4
References
Products affected by CVE-2021-23339
-
cpe:2.3:a:lightbend:akka-http:-
-
cpe:2.3:a:lightbend:akka-http:10.0.0
-
cpe:2.3:a:lightbend:akka-http:10.0.1
-
cpe:2.3:a:lightbend:akka-http:10.0.10
-
cpe:2.3:a:lightbend:akka-http:10.0.11
-
cpe:2.3:a:lightbend:akka-http:10.0.14
-
cpe:2.3:a:lightbend:akka-http:10.0.15
-
cpe:2.3:a:lightbend:akka-http:10.0.2
-
cpe:2.3:a:lightbend:akka-http:10.0.3
-
cpe:2.3:a:lightbend:akka-http:10.0.4
-
cpe:2.3:a:lightbend:akka-http:10.0.5
-
cpe:2.3:a:lightbend:akka-http:10.0.6
-
cpe:2.3:a:lightbend:akka-http:10.0.7
-
cpe:2.3:a:lightbend:akka-http:10.0.8
-
cpe:2.3:a:lightbend:akka-http:10.0.9
-
cpe:2.3:a:lightbend:akka-http:10.1.0
-
cpe:2.3:a:lightbend:akka-http:10.1.1
-
cpe:2.3:a:lightbend:akka-http:10.1.10
-
cpe:2.3:a:lightbend:akka-http:10.1.11
-
cpe:2.3:a:lightbend:akka-http:10.1.12
-
cpe:2.3:a:lightbend:akka-http:10.1.13
-
cpe:2.3:a:lightbend:akka-http:10.1.2
-
cpe:2.3:a:lightbend:akka-http:10.1.3
-
cpe:2.3:a:lightbend:akka-http:10.1.4
-
cpe:2.3:a:lightbend:akka-http:10.1.5
-
cpe:2.3:a:lightbend:akka-http:10.1.6
-
cpe:2.3:a:lightbend:akka-http:10.1.7
-
cpe:2.3:a:lightbend:akka-http:10.1.8
-
cpe:2.3:a:lightbend:akka-http:10.1.9
-
cpe:2.3:a:lightbend:akka-http:10.2.0
-
cpe:2.3:a:lightbend:akka-http:10.2.1
-
cpe:2.3:a:lightbend:akka-http:10.2.2
-
cpe:2.3:a:lightbend:akka-http:10.2.3