CVE-2017-1000034

Name of the Vulnerable Software and Affected Versions Akka versions <=2.4.16 Akka version 2.5-M1

Description The issue concerns a Java deserialization attack in the Remoting component of Akka, which can result in remote code execution in the context of the ActorSystem.

Recommendations For Akka versions <=2.4.16, update to a version greater than 2.4.16 to resolve the issue. For Akka version 2.5-M1, update to a version greater than 2.5-M1 to resolve the issue. As a temporary workaround, consider restricting access to the Remoting component to minimize the risk of exploitation.