5 matches found
Insecure Deserialization
com.typesafe.akka, akka-cluster-metrics is vulnerable to insecure deserialization. The vulnerability is due to the use of Java serialization without proper validation or safeguards in the akka-cluster-metrics module, which allows an attacker to exploit the deserialization process to execute...
com.ing.baker:bakery-interaction-k8s-interaction-manager_2.13 (>=3.6.2 <=5.0.0), com.ing.baker:bakery-state-k8s_2.13 (=3.5.0) +8 more potentially affected by CVE-2025-53393 via com.typesafe.akka:akka-cluster-metrics_2.13 (>=2.6.11 <=2.9.0-M2)
com.typesafe.akka:akka-cluster-metrics2.13 MAVEN version =2.6.11, =3.6.2, =3.5.0, =22.10.0, =0.1.6, =2.9.1, =3.30.0, =3.31.0 Source cves: CVE-2025-53393 Source advisory: SNYK:JAVA-COMTYPESAFEAKKA-10567746...
cc.akkaha:asura-cluster_2.12 (>=0.2.0 <=0.6.0), com.adobe.api.platform.runtime:mesos-actor (>=0.0.8_2.12 <=0.0.33) +42 more potentially affected by CVE-2025-53393 via com.typesafe.akka:akka-cluster-metrics_2.12 (>=2.4.16 <=2.7.0)
com.typesafe.akka:akka-cluster-metrics2.12 MAVEN version =2.4.16, =0.2.0, =0.0.82.12, =3.6.0, =3.3.0, =0.1.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =3.1.0-35emr770 and more Source cves: CVE-2025-53393 Source advisory: SNYK:JAVA-COMTYPESAFEAKKA-10567747...
akka-cluster-metrics uses Java serialization for cluster metrics
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...
GHSA-358M-FQ53-HP87 akka-cluster-metrics uses Java serialization for cluster metrics
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...