Lucene search
K

157 matches found

OSV
OSV
added 2020/12/03 5:15 p.m.43 views

CVE-2020-28923

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

2.7CVSS6.7AI score0.00957EPSS
Exploits0References2
Prion
Prion
added 2020/12/03 5:15 p.m.19 views

Code injection

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

4CVSS3.8AI score0.00957EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/12/03 4:21 p.m.40 views

CVE-2020-28923

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

3.5AI score0.00957EPSS
Exploits0References2
CVE
CVE
added 2020/12/03 4:21 p.m.64 views

CVE-2020-28923

Summary: CVE-2020-28923 affects Play Framework 2.8.0–2.8.4 via Data Amplification when carefully crafted JSON payloads are sent as a form field, impacting users migrating from Play Java API-based JSON serialization of classes with protected/private fields. The vulnerability description and relate...

4CVSS3.7AI score0.00957EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2020/12/03 12:0 a.m.8 views

Play Framework Security Vulnerability

Lightbend Play Framework is a web application framework written in the Scala language from Lightbend, Inc. A security vulnerability exists in Play Framework versions 2.8.0 through 2.8.4, which stems from a carefully crafted JSON payload sent as a form field that causes data amplification. This...

4CVSS5.8AI score0.00957EPSS
Exploits0References3
OSV
OSV
added 2020/11/06 2:15 p.m.24 views

CVE-2020-26882

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...

7.5CVSS6.8AI score0.01386EPSS
Exploits0References2
NVD
NVD
added 2020/11/06 2:15 p.m.32 views

CVE-2020-26882

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...

7.5CVSS7.5AI score0.01386EPSS
Exploits0References2
Prion
Prion
added 2020/11/06 2:15 p.m.18 views

Input validation

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...

5CVSS7.5AI score0.01386EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/11/06 1:26 p.m.68 views

CVE-2020-26882

CVE-2020-26882 (Play Framework): Affects Play Framework versions 2.6.0 through 2.8.2. The vulnerability arises when an application accepts multipart/form-data JSON input, causing data amplification. Documents explicitly describe this as a vulnerability in Play Framework, with potential impact on ...

7.5CVSS7.5AI score0.01386EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/11/06 1:26 p.m.38 views

CVE-2020-26882

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...

7.5AI score0.01386EPSS
Exploits0References2
Veracode
Veracode
added 2020/10/28 4:33 a.m.17 views

Denial Of Service (DoS)

play is vulnerable to denial of service DoS. The vulnerability exists as JSON payloads uploaded as a form field causes data amplification...

7.5CVSS2.8AI score0.01386EPSS
Exploits0References4Affected Software3
OSV
OSV
added 2018/09/17 8:46 p.m.24 views

GHSA-6G87-FF9Q-V847 websockets is vulnerable to denial of service by memory exhaustion

The Python websockets library version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appears to be exploitable...

8.7CVSS7.5AI score0.01818EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2018/09/17 8:46 p.m.29 views

websockets is vulnerable to denial of service by memory exhaustion

The Python websockets library version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appears to be exploitable...

7.5CVSS7.3AI score0.01818EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2018/06/26 4:29 p.m.35 views

CVE-2018-1000518

aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sendi...

7.5CVSS7.7AI score0.01818EPSS
Exploits1References1
Prion
Prion
added 2018/06/26 4:29 p.m.26 views

Design/Logic Flaw

aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sendi...

5CVSS7.5AI score0.01818EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2018/06/26 4:29 p.m.6 views

PYSEC-2018-79

aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sendi...

7.5CVSS6.9AI score0.01818EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/06/26 4:0 p.m.103 views

CVE-2018-1000518

CVE-2018-1000518 concerns a vulnerability in the Python websockets library (aaugustin websockets) where version 4 allows a Denial of Service via memory exhaustion. The issue arises from improper handling of highly compressed data (Data Amplification, CWE-409) when compression is enabled (i.e., no...

7.5CVSS7.4AI score0.01818EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder