4 matches found
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +1141 more potentially affected by CVE-2018-16115 via com.typesafe.akka:akka-actor_2.12 (>=2.5.0 <=2.5.15)
com.typesafe.akka:akka-actor_2.12 MAVEN version =2.5.0, =0.3.0, =0.5, =0.2.0, =0.1.0, =0.1.0, =0.14.0, =0.17.0 and more Source cves: CVE-2018-16115 Source advisory: OSV:GHSA-MR95-9RR4-668F...
Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor
Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical reasons, Akka included t...
be.venneborg:play26-refined_2.11 (>=0.2.0 <=0.3.0), be.venneborg:play27-refined_2.11 (=0.3.0) +573 more potentially affected by CVE-2018-16115 via com.typesafe.akka:akka-actor_2.11 (>=2.5.0 <=2.5.15)
com.typesafe.akka:akka-actor_2.11 MAVEN version =2.5.0, =0.2.0, =0.1.1, =1.4-P26-B3, =1.4-P26-B4 - com.andrewgapic:spark-streaming-twitch =1.0.0 and more Source cves: CVE-2018-16115 Source advisory: OSV:GHSA-MR95-9RR4-668F...
Insecure Defaults
akka-actor has insecure defaults. An attacker can leverage an ActorSystem exposed over TCP to perform Java deserialization attacks. By default, Java deserialization is enabled, and the documentation wasn't complete on how to disable the function. These attacks can be performed if the ActorSystem has...