CVE-2017-1000034: Deserialization of Untrusted Data

October 22, 2018 (updated September 15, 2021)

Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.

References

github.com/advisories/GHSA-mm57-9j6q-rxm2
nvd.nist.gov/vuln/detail/CVE-2017-1000034

Code Behaviors & Features

Detect and mitigate CVE-2017-1000034 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →