Remediation:
Upgrade to com.typesafe.akka:akka-actor_2.12@2.5.16.
Overview
com.typesafe.akka:akka-actor_2.12 is a toolkit for building highly concurrent, distributed, and resilient message-driven applications for Java and Scala.
Affected versions of this package are vulnerable to Insecure Random Number Generation. When a custom random number generator is configured, if the AES128CounterSecureRNG and AES256CounterSecureRNG are enabled, a malicious user could easily guess the random number used during encryption and possibly eavesdrop onto ongoing communications. This is due a bug in the AES128CounterSecureRNG and AES256CounterSecureRNG implementations, causing the generated numbers to repeat themselves after a few bytes.
Remediation
Upgrade com.typesafe.akka:akka-actor_2.12 to version 2.5.16 or higher.