Description
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.
Remediation
References
https://github.com/akka/akka-http/pull/3754%23issuecomment-779265201
https://snyk.io/vuln/SNYK-JAVA-COMTYPESAFEAKKA-1075043
Related Vulnerabilities
CVE-2017-10355 Vulnerability in maven package xerces:xercesimpl
CVE-2020-28436 Vulnerability in npm package google-cloudstorage-commands
CVE-2014-3743 Vulnerability in npm package marked
CVE-2020-7743 Vulnerability in npm package mathjs
CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-bundle