CVE-2017-1000034

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-1000034

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000034.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-1000034

Aliases

GHSA-mm57-9j6q-rxm2

Published

2017-07-17T13:18:17Z

Modified

2024-09-02T23:49:02Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.

References

http://doc.akka.io/docs/akka/2.4/security/2017-02-10-java-serialization.html

Affected packages

Git / github.com/akka/akka

Affected ranges

Type: GIT
Repo: https://github.com/akka/akka
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

f2ca4e18668319f46216e8a356e3453fb66ad4e6