CVE-2017-1000034: Deserialization of Untrusted Data

July 17, 2017 (updated August 4, 2017)

Akka is vulnerable to a java deserialization attack in its remoting component, resulting in remote code execution in the context of the ActorSystem.

References

doc.akka.io/docs/akka/2.4/security/2017-02-10-java-serialization.html
nvd.nist.gov/vuln/detail/CVE-2017-1000034

Detect and mitigate CVE-2017-1000034 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →