GHSA-9qvj-rpj8-v5c8: Pekko Management may not properly apply authenticator when Basic Authentication enabled

If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied.

Users who rely on authentication, rather than ensuring that the Management API ports are reachable only by trusted users, should upgrade to version 1.1.1, which fixes this issue.

CVE ID: CVE-2025-46548


Moderate severity. GitHub Reviewed. Published Jun 3, 2025 to the GitHub Advisory Database. Updated Jun 6, 2025.

Package (Maven)

com.lightbend.akka.management:akka-management_2.12 (affected versions: < 1.6.1)
com.lightbend.akka.management:akka-management_2.13
com.lightbend.akka.management:akka-management_3
org.apache.pekko:pekko-management_2.12
org.apache.pekko:pekko-management_2.13
org.apache.pekko:pekko-management_3
