CVE-2018-16131: Uncontrolled Resource Consumption

October 22, 2018 (updated September 8, 2021)

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb.

References

github.com/advisories/GHSA-9qgc-p27w-3hjg
github.com/akka/akka-http/issues/2137
nvd.nist.gov/vuln/detail/CVE-2018-16131

Code Behaviors & Features

Detect and mitigate CVE-2018-16131 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →