Description
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.
Remediation
References
http://doc.akka.io/docs/akka/2.4/security/2017-02-10-java-serialization.html
Related Vulnerabilities
CVE-2018-20677 Vulnerability in maven package org.webjars:bootstrap-sass
CVE-2019-10420 Vulnerability in maven package org.jenkins-ci.plugins:assembla
CVE-2023-24998 Vulnerability in maven package commons-fileupload:commons-fileupload
CVE-2017-4971 Vulnerability in maven package org.springframework.webflow:spring-webflow
CVE-2011-4343 Vulnerability in maven package org.apache.myfaces.core.internal:myfaces-impl-shared