Описание
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 10 (Newton) | opendaylight | Will not fix | ||
| Red Hat OpenStack Platform 11 (Ocata) | opendaylight | Will not fix | ||
| Red Hat OpenStack Platform 12 (Pike) | opendaylight | Not affected | ||
| Red Hat OpenStack Platform 8 (Liberty) | opendaylight | Will not fix | ||
| Red Hat OpenStack Platform 9 (Mitaka) | opendaylight | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Important
Дефект:
CWE-502
https://bugzilla.redhat.com/show_bug.cgi?id=1484938akka-actor: Java deserialization issue in the Remoting component
EPSS
Процентиль: 93%
0.0955
Низкий
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 8.1
nvd
больше 8 лет назад
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.
EPSS
Процентиль: 93%
0.0955
Низкий
7.5 High
CVSS3