2 matches found
CVE-2022-31018
CVE-2022-31018 affects Play Framework forms library (versions 2.8.3–2.8.15) for Java/Scala. The vulnerability is triggered when binding deeply nested JSON via Form.bindFromRequest or Form.bind on a JSON value, which may exhaust heap memory and crash the app (OutOfMemoryError) if run on the defaul...
CVE-2022-31018 Denial of service binding form from JSON in Play Framework
Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the...