Uncontrolled Resource Consumption
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Advisories for Maven/Com.typesafe.akka/Akka-Http-Core package
2023
2021
Out-of-bounds Write
Akka HTTP can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.
2017
Improper Restriction of Operations within the Bounds of a Memory Buffer
Illegal Media Range in Accept Header Causes StackOverflowError leading to Denial of Service.