CVE-2023-33251
First published: Sun May 21 2023(Updated: )
When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lightbend Akka HTTP | <10.5.2 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-33251?
CVE-2023-33251 is a vulnerability in Akka HTTP before version 10.5.2 that allows file uploads with weak file permissions.
How does CVE-2023-33251 affect Akka HTTP?
CVE-2023-33251 affects Akka HTTP before version 10.5.2, allowing file uploads with weak file permissions.
What is the severity of CVE-2023-33251?
The severity of CVE-2023-33251 is medium, with a severity value of 5.5.
How can I fix CVE-2023-33251?
To fix CVE-2023-33251, update your Akka HTTP installation to version 10.5.2 or later.
Where can I find more information about CVE-2023-33251?
You can find more information about CVE-2023-33251 at the following reference: [link](https://akka.io/security/akka-http-cve-2023-05-15.html)
- collector/nvd-index
- vendor/lightbend
- product/akka http
- canonical/lightbend akka http
- vendor/linux
- product/linux kernel
- canonical/linux linux kernel