Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.typesafe.akka/akka-http-core@10.2.0

Type maven

Namespace com.typesafe.akka

Name akka-http-core

Version 10.2.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-9u45-d21t-b7fq

vulnerability_id VCID-9u45-d21t-b7fq

summary

HTTP Request Smuggling in akka-http-core
A vulnerable Akka HTTP server will accept a malformed message and hand it over to the user. If the user application proxies this message to another server unchanged and that server also accepts that message but interprets it as two HTTP messages, the second message has reached the second server without having been inspected by the proxy.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23339

reference_id

reference_type

scores

value	0.00211
scoring_system	epss
scoring_elements	0.43414
published_at	2026-05-14T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43643
published_at	2026-04-16T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43632
published_at	2026-04-18T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43567
published_at	2026-04-21T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43499
published_at	2026-04-24T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43503
published_at	2026-04-26T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.4342
published_at	2026-04-29T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.4329
published_at	2026-05-05T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43366
published_at	2026-05-07T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43383
published_at	2026-05-09T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43321
published_at	2026-05-11T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43352
published_at	2026-05-12T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43529
published_at	2026-04-01T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43592
published_at	2026-04-02T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43618
published_at	2026-04-04T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43555
published_at	2026-04-07T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43606
published_at	2026-04-08T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43611
published_at	2026-04-09T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43629
published_at	2026-04-11T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43598
published_at	2026-04-12T12:55:00Z

value	0.00211
scoring_system	epss
scoring_elements	0.43582
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23339

reference_url

https://doc.akka.io/docs/akka-http/10.1/security/2021-02-24-incorrect-handling-of-Transfer-Encoding-header.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://doc.akka.io/docs/akka-http/10.1/security/2021-02-24-incorrect-handling-of-Transfer-Encoding-header.html

reference_url

https://github.com/akka/akka-http/commit/e3a4935151c91cee28e65e6b894dd50839ef9d34

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/akka/akka-http/commit/e3a4935151c91cee28e65e6b894dd50839ef9d34

reference_url

https://github.com/akka/akka-http/pull/3754%23issuecomment-779265201

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/akka/akka-http/pull/3754%23issuecomment-779265201

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-23339

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-23339

reference_url

https://snyk.io/vuln/SNYK-JAVA-COMTYPESAFEAKKA-1075043

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-COMTYPESAFEAKKA-1075043

reference_url

https://github.com/advisories/GHSA-2w7w-2j92-44hx

reference_id

GHSA-2w7w-2j92-44hx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2w7w-2j92-44hx

fixed_packages

url	pkg:maven/com.typesafe.akka/akka-http-core@10.2.4
purl	pkg:maven/com.typesafe.akka/akka-http-core@10.2.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-http-core@10.2.4

aliases CVE-2021-23339, GHSA-2w7w-2j92-44hx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9u45-d21t-b7fq

url VCID-w7g1-y7u7-z3fg

vulnerability_id VCID-w7g1-y7u7-z3fg

summary

Out-of-bounds Write
Akka HTTP can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a `User-Agent` header with deeply nested comments.

references

reference_url

http://packetstormsecurity.com/files/167018/Akka-HTTP-10.1.14-Denial-Of-Service.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/167018/Akka-HTTP-10.1.14-Denial-Of-Service.html

reference_url

https://akka.io/blog

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://akka.io/blog

reference_url	https://akka.io/blog/
reference_id
reference_type
scores
url	https://akka.io/blog/

reference_url

https://akka.io/blog/news/2021/11/02/akka-http-10.2.7-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://akka.io/blog/news/2021/11/02/akka-http-10.2.7-released

reference_url

https://akka.io/blog/news/2021/11/22/akka-http-10.1.15-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://akka.io/blog/news/2021/11/22/akka-http-10.1.15-released

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-42697

reference_id

reference_type

scores

value	0.75541
scoring_system	epss
scoring_elements	0.98921
published_at	2026-05-14T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.989
published_at	2026-04-18T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.98904
published_at	2026-04-21T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.98908
published_at	2026-04-26T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.98909
published_at	2026-04-29T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.98913
published_at	2026-05-05T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.98914
published_at	2026-05-07T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.98916
published_at	2026-05-09T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.98918
published_at	2026-05-11T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.9892
published_at	2026-05-12T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.98887
published_at	2026-04-01T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.98889
published_at	2026-04-02T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.9889
published_at	2026-04-04T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.98893
published_at	2026-04-07T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.98894
published_at	2026-04-09T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.98896
published_at	2026-04-12T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.98897
published_at	2026-04-13T12:55:00Z

value	0.75541
scoring_system	epss
scoring_elements	0.98899
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-42697

reference_url

https://doc.akka.io/docs/akka-http/current/security/2021-CVE-2021-42697-stack-overflow-parsing-user-agent.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://doc.akka.io/docs/akka-http/current/security/2021-CVE-2021-42697-stack-overflow-parsing-user-agent.html

reference_url

https://github.com/akka/akka-http

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/akka/akka-http

reference_url

https://github.com/akka/akka-http/pull/3924

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/akka/akka-http/pull/3924

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/50892.py
reference_id	CVE-2021-42697
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/50892.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-42697

reference_id

CVE-2021-42697

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-42697

reference_url

https://github.com/advisories/GHSA-3hw2-h67c-wq66

reference_id

GHSA-3hw2-h67c-wq66

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3hw2-h67c-wq66

fixed_packages

url	pkg:maven/com.typesafe.akka/akka-http-core@10.2.7
purl	pkg:maven/com.typesafe.akka/akka-http-core@10.2.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-http-core@10.2.7

aliases CVE-2021-42697, GHSA-3hw2-h67c-wq66

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7g1-y7u7-z3fg

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-http-core@10.2.0

Package Instance