Lightbend · Akka-Http-Core · CVE-2021-23339
**Name of the Vulnerable Software and Affected Versions**
com.typesafe.akka:akka-http-core versions prior to 10.1.14
com.typesafe.akka:akka-http-core versions 10.2.0 through 10.2.4
**Description**
Affected versions accept requests that carry multiple Transfer-Encoding headers, so a vulnerable Akka HTTP server can accept a malformed message. If that message is proxied to another server without inspection, the downstream server may interpret it as two HTTP messages, potentially bypassing security checks.
**Recommendations**
For versions prior to 10.1.14, update to version 10.1.14 or later.
For versions 10.2.0 through 10.2.4, update to a version later than 10.2.4.
As a temporary workaround, consider restricting the acceptance of multiple Transfer-Encoding headers in the Akka HTTP server configuration until a patch is available.
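
The inspection the description refers to can be sketched as a check that a forwarding component runs on the raw request head before passing a message on. This is an added example, not Akka HTTP code or configuration; `check_framing` and `FramingError` are hypothetical names, the sample requests are constructed, and the check goes beyond the duplicate-header case to cover the related Transfer-Encoding plus Content-Length ambiguity.

```python
# Added example: names are hypothetical, sample requests are constructed.
class FramingError(ValueError):
    """Raised when a request head has ambiguous or malformed framing headers."""


def check_framing(head: bytes) -> str:
    """Return 'chunked', 'length' or 'none' for a raw request head, or raise.

    `head` is the request line plus header lines, without the terminating blank line.
    """
    te_values, cl_values = [], []
    for line in head.split(b"\r\n")[1:]:          # element 0 is the request line
        if line[:1] in (b" ", b"\t"):
            raise FramingError("obsolete line folding in header block")
        name, sep, value = line.partition(b":")
        if not sep or not name or name != name.strip():
            raise FramingError("malformed header line")
        if name.lower() == b"transfer-encoding":
            te_values.append(value.strip().lower())
        elif name.lower() == b"content-length":
            cl_values.append(value.strip())
    if len(te_values) > 1:
        raise FramingError("multiple Transfer-Encoding headers")
    if len(cl_values) > 1:
        raise FramingError("multiple Content-Length headers")
    if te_values and cl_values:
        raise FramingError("both Transfer-Encoding and Content-Length present")
    if te_values:
        # For a request, chunked must be the last coding applied.
        if te_values[0].split(b",")[-1].strip() != b"chunked":
            raise FramingError("final transfer coding is not chunked")
        return "chunked"
    if cl_values:
        if not cl_values[0].isdigit():
            raise FramingError("non-numeric Content-Length")
        return "length"
    return "none"


# Constructed sample request heads (not captured traffic).
SAMPLE_OK = b"POST /upload HTTP/1.1\r\nHost: app.example\r\nTransfer-Encoding: chunked"
SAMPLE_DUPLICATE_TE = SAMPLE_OK + b"\r\ntransfer-encoding: identity"

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_DUPLICATE_TE):
        try:
            print("forward, framing:", check_framing(sample))
        except FramingError as exc:
            print("reject with 400:", exc)
```

Header names are compared case-insensitively, so the second sample is rejected even though its duplicate header is written in lowercase.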