Lucene search
K

135 matches found

Cvelist
Cvelist
added 2020/11/06 1:21 p.m.44 views

CVE-2020-26883

In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents...

7.5AI score0.01386EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2020/08/18 5:30 p.m.12 views

ai.lum:odinson-rest-api_2.12 (>=0.2.0 <=0.2.3), ai.snips:play-mongo-bson_2.12 (>=0.4 <=0.5.1) +482 more potentially affected by CVE-2020-12480 via com.typesafe.play:play_2.12 (>=2.6.0-M1 <=2.7.4)

com.typesafe.play:play2.12 MAVEN version =2.6.0-M1, =0.2.0, =0.4, =0.4.0, =2.6.0, =2.6.0, =0.1.0, =0.3.0, =1.1.0, =1.3.0, =1.3.1 and more Source cves: CVE-2020-12480 Source advisory: OSV:GHSA-CF8J-64H9-6Q58...

6.5CVSS6.5AI score0.00525EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/08/18 5:30 p.m.6 views

ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0), be.objectify:deadbolt-java_2.12 (>=2.8.0 <=2.8.1) +202 more potentially affected by CVE-2020-12480 via com.typesafe.play:play_2.12 (>=2.8.0 <=2.8.19)

com.typesafe.play:play2.12 MAVEN version =2.8.0, =0.3.1, =2.8.0, =2.8.0, =1.6-P28, =1.6-P28-B3, =1.6.1, =14.0.0play2.8, =14.0.0play2.8, =18.0.4play2.8 - com.digitaltangible:play-guard2.12 =2.5.0 and more Source cves: CVE-2020-12480 Source advisory: OSV:GHSA-CF8J-64H9-6Q58...

6.5CVSS6.5AI score0.00525EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2020/08/18 5:30 p.m.52 views

CSRF in Play Framework

In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...

6.5CVSS3.6AI score0.00525EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2020/08/18 5:30 p.m.3 views

GHSA-CF8J-64H9-6Q58 CSRF in Play Framework

In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...

6.5CVSS6.6AI score0.00525EPSS
Exploits0References6
NVD
NVD
added 2020/08/17 9:15 p.m.34 views

CVE-2020-12480

In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...

6.5CVSS6.5AI score0.00525EPSS
Exploits0References2
OSV
OSV
added 2020/08/17 9:15 p.m.23 views

CVE-2020-12480

In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...

6.5CVSS6.6AI score0.00525EPSS
Exploits0References2
Prion
Prion
added 2020/08/17 9:15 p.m.14 views

Cross site request forgery (csrf)

In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...

4.3CVSS6.5AI score0.00525EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/08/17 8:45 p.m.39 views

CVE-2020-12480

In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...

6.5AI score0.00525EPSS
Exploits0References2
CVE
CVE
added 2020/08/17 8:45 p.m.74 views

CVE-2020-12480

CVE-2020-12480 affects Play Framework 2.6.0–2.8.1. The CSRF filter can be bypassed when handling CORS simple requests with content types that contain parameters that can’t be parsed, enabling CSRF in affected deployments. Red Hat and security advisories (GHSA/Veracode OSV) corroborate the CSRF by...

6.5CVSS6.4AI score0.00525EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/06/30 9:1 p.m.31 views

GHSA-XFV3-RRFM-F2RV Information Exposure in Netty

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

7.5CVSS7.4AI score0.05434EPSS
Exploits0References18
Github Security Blog
Github Security Blog
added 2020/06/30 9:1 p.m.52 views

Information Exposure in Netty

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

7.5CVSS7.3AI score0.05434EPSS
Exploits0References18Affected Software3
CNVD
CNVD
added 2020/06/04 12:0 a.m.3 views

CloudBees Jenkins Play Framework Plugin OS Command Injection Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Play Framework Plugin is used in one of the...

8.8CVSS8.2AI score0.02422EPSS
Exploits0References1
NVD
NVD
added 2020/06/03 1:15 p.m.26 views

CVE-2020-2200

Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master...

8.8CVSS8.9AI score0.02422EPSS
Exploits0References2
OSV
OSV
added 2020/06/03 1:15 p.m.14 views

CVE-2020-2200

Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master...

8.8CVSS7.5AI score
Exploits0References2
Prion
Prion
added 2020/06/03 1:15 p.m.14 views

Command injection

Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master...

6.5CVSS8.9AI score0.02422EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/06/03 12:40 p.m.26 views

CVE-2020-2200

Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master...

8.9AI score0.02422EPSS
Exploits0References2
CVE
CVE
added 2020/06/03 12:40 p.m.77 views

CVE-2020-2200

CVE-2020-2200 concerns the Jenkins Play Framework Plugin (versions 1.0.2 and earlier). The issue arises when a form validation endpoint lets users specify the path to the play command on the Jenkins master, enabling an OS command injection vulnerability exploitable by users who can place a file o...

8.8CVSS8.8AI score0.02422EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/06/03 12:0 a.m.6 views

PT-2020-15414 · Jenkins · Jenkins Play Framework Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Play Framework Plugin versions 1.0.2 and earlier Description: The issue concerns an OS command injection vulnerability. It occurs because a form validation endpoint in the Play Framework Plugin executes the play command to validate a...

8.8CVSS8.9AI score0.02422EPSS
Exploits0References6
CNVD
CNVD
added 2019/11/06 12:0 a.m.5 views

Lightbend Play Framework Information Disclosure Vulnerability

Lightbend Play Framework is the United States Lightbend company a use of Scala language written in the Web application framework. An information disclosure vulnerability exists in Lightbend Play Framework versions 2.5.x through 2.6.23. The vulnerability stems from an error in configuration or oth...

7.5CVSS6.2AI score0.00698EPSS
Exploits0References1
Rows per page
Query Builder