Akka Http · Akka Http · CVE-2023-33251
**Name of the Vulnerable Software and Affected Versions**
Akka HTTP versions prior to 10.5.2
**Description**
The issue arises when Akka HTTP accepts file uploads via the `FileUploadDirectives.fileUploadAll` directive, creating a temporary file with weak permissions that can be read by other users on Linux or UNIX systems.
**Recommendations**
For versions prior to 10.5.2, update to version 10.5.2 or later to resolve the issue.