Lightbend
Latest CVEs
The 15 most recently published vulnerabilities affecting Lightbend.
- CVE-2025-46548: Apache Pekko Management, Akka Management: management API basic authentication is not effective (score 6.5)
- CVE-2023-33251: When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linu... (score 4.7)
- CVE-2023-31442: In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making ... (score 7.5)
- CVE-2023-29471: Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.inte... (score 5.5)
- CVE-2022-31023: Dev error stack trace leaking into prod in Play Framework (score 5.9)
- CVE-2022-31018: Denial of service binding form from JSON in Play Framework (score 7.5)
- CVE-2021-23339: HTTP Request Smuggling (score 5.0)
- CVE-2020-28923: An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prio... (score 2.7)
- CVE-2020-26882: In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. (score 7.5)
- CVE-2020-27196: An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a va... (score 7.5)
- CVE-2020-26883: In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. (score 7.5)
- CVE-2020-12480: In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed. (score 6.5)
- CVE-2019-17598: An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when ... (score 7.5)
- CVE-2018-18854: Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields ... (score 7.5)
- CVE-2018-18853: Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many... (score 7.5)