3 matches found
ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1), be.venneborg:play26-refined_2.12 (>=0.2.0 <=0.3.0) +154 more potentially affected by CVE-2018-13864 via com.typesafe.play:play_2.12 (>=2.6.12 <=2.6.15)
com.typesafe.play:play2.12 MAVEN version =2.6.12, =0.5, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =1.4-P26-B3, =1.5.13, =7.6.0-crosscompilescala212.2.206f1b4play2.6, =10.0.0play2.6, =10.0.0play2.6, =10.0.0play2.6, =17.1.4play2.6 - com.elegantmonkeys:lagom-google-pubsub-broker2.12 =1.0.0-RC1 and more Source...
CVE-2018-13864
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 fixed in 2.6.16 when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...
CVE-2018-13864
CVE-2018-13864: A directory traversal vulnerability affects Play Framework 2.6.12–2.6.15 (Windows). The Assets controller could be abused to download arbitrary files from the server via crafted HTTP requests. The issue is fixed in 2.6.16; upgrade to 2.6.16+ to remediate. No exploitation details a...