Description
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.
Remediation
References
https://github.com/akka/akka-http/pull/3754%23issuecomment-779265201
https://snyk.io/vuln/SNYK-JAVA-COMTYPESAFEAKKA-1075043
Related Vulnerabilities
CVE-2020-28469 Vulnerability in maven package org.webjars.bowergithub.es128:glob-parent
CVE-2016-4437 Vulnerability in maven package org.apache.shiro:shiro-core
CVE-2023-26135 Vulnerability in npm package flatnest
CVE-2021-23360 Vulnerability in npm package killport
CVE-2011-4838 Vulnerability in maven package org.jruby:jruby-stdlib