CVE-2017-1000034
Published Jul 13, 2017
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a Java deserialization attack in the Remoting component, resulting in remote code execution in the context of the ActorSystem.
Affected Software
3 affected components · Fixes available
maven/com.typesafe.akka:akka-actor < 2.4.17 (fixed in 2.4.17)
Akka Akka <= 2.4.16
Akka Akka = 2.5-M1
Event History
Jul 13, 2017
CVE Published (via MITRE · 08:00 PM)
Data Sourced (via MITRE · 08:00 PM)
Description
Oct 22, 2018
Advisory Published (08:52 PM)
Frequently Asked Questions
1. What is the severity of CVE-2017-1000034?
CVE-2017-1000034 is a critical vulnerability that allows remote code execution via a Java deserialization attack.
2. How do I fix CVE-2017-1000034?
To fix CVE-2017-1000034, upgrade to Akka version 2.4.17 or later.
3. Which Akka versions are affected by CVE-2017-1000034?
Akka versions 2.4.16 and earlier, along with 2.5-M1, are affected by CVE-2017-1000034.
4. What impact does CVE-2017-1000034 have on my application?
CVE-2017-1000034 can compromise the security of your application by allowing unauthorized remote code execution.
5. Is CVE-2017-1000034 specific to any component of Akka?
Yes, CVE-2017-1000034 specifically affects the Remoting component of Akka.