157 matches found
CVE-2020-28923
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...
Code injection
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...
CVE-2020-28923
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...
CVE-2020-28923
Summary: CVE-2020-28923 affects Play Framework 2.8.0–2.8.4 via Data Amplification when carefully crafted JSON payloads are sent as a form field, impacting users migrating from Play Java API-based JSON serialization of classes with protected/private fields. The vulnerability description and relate...
Play Framework Security Vulnerability
Lightbend Play Framework is a web application framework written in the Scala language from Lightbend, Inc. A security vulnerability exists in Play Framework versions 2.8.0 through 2.8.4, which stems from a carefully crafted JSON payload sent as a form field that causes data amplification. This...
CVE-2020-26882
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...
CVE-2020-26882
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...
Input validation
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...
CVE-2020-26882
CVE-2020-26882 (Play Framework): Affects Play Framework versions 2.6.0 through 2.8.2. The vulnerability arises when an application accepts multipart/form-data JSON input, causing data amplification. Documents explicitly describe this as a vulnerability in Play Framework, with potential impact on ...
CVE-2020-26882
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...
Denial Of Service (DoS)
play is vulnerable to denial of service DoS. The vulnerability exists as JSON payloads uploaded as a form field causes data amplification...
GHSA-6G87-FF9Q-V847 websockets is vulnerable to denial of service by memory exhaustion
The Python websockets library version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appears to be exploitable...
websockets is vulnerable to denial of service by memory exhaustion
The Python websockets library version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appears to be exploitable...
CVE-2018-1000518
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sendi...
Design/Logic Flaw
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sendi...
PYSEC-2018-79
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sendi...
CVE-2018-1000518
CVE-2018-1000518 concerns a vulnerability in the Python websockets library (aaugustin websockets) where version 4 allows a Denial of Service via memory exhaustion. The issue arises from improper handling of highly compressed data (Data Amplification, CWE-409) when compression is enabled (i.e., no...