akka-http is vulnerable to denial of service via a Zip Bomb
. The vulnerability is caused by the application not having size limitations on decompressed data from the directives decodeRequest
and decodeRequestWith
or when using them in combination with directives like entity(as)
, toStrict
, or formField
.