135 matches found
CVE-2020-26883
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents...
ai.lum:odinson-rest-api_2.12 (>=0.2.0 <=0.2.3), ai.snips:play-mongo-bson_2.12 (>=0.4 <=0.5.1) +482 more potentially affected by CVE-2020-12480 via com.typesafe.play:play_2.12 (>=2.6.0-M1 <=2.7.4)
com.typesafe.play:play2.12 MAVEN version =2.6.0-M1, =0.2.0, =0.4, =0.4.0, =2.6.0, =2.6.0, =0.1.0, =0.3.0, =1.1.0, =1.3.0, =1.3.1 and more Source cves: CVE-2020-12480 Source advisory: OSV:GHSA-CF8J-64H9-6Q58...
ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0), be.objectify:deadbolt-java_2.12 (>=2.8.0 <=2.8.1) +202 more potentially affected by CVE-2020-12480 via com.typesafe.play:play_2.12 (>=2.8.0 <=2.8.19)
com.typesafe.play:play2.12 MAVEN version =2.8.0, =0.3.1, =2.8.0, =2.8.0, =1.6-P28, =1.6-P28-B3, =1.6.1, =14.0.0play2.8, =14.0.0play2.8, =18.0.4play2.8 - com.digitaltangible:play-guard2.12 =2.5.0 and more Source cves: CVE-2020-12480 Source advisory: OSV:GHSA-CF8J-64H9-6Q58...
CSRF in Play Framework
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...
GHSA-CF8J-64H9-6Q58 CSRF in Play Framework
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...
CVE-2020-12480
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...
CVE-2020-12480
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...
Cross site request forgery (csrf)
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...
CVE-2020-12480
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...
CVE-2020-12480
CVE-2020-12480 affects Play Framework 2.6.0–2.8.1. The CSRF filter can be bypassed when handling CORS simple requests with content types that contain parameters that can’t be parsed, enabling CSRF in affected deployments. Red Hat and security advisories (GHSA/Veracode OSV) corroborate the CSRF by...
GHSA-XFV3-RRFM-F2RV Information Exposure in Netty
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...
Information Exposure in Netty
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...
CloudBees Jenkins Play Framework Plugin OS Command Injection Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Play Framework Plugin is used in one of the...
CVE-2020-2200
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master...
CVE-2020-2200
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master...
Command injection
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master...
CVE-2020-2200
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master...
CVE-2020-2200
CVE-2020-2200 concerns the Jenkins Play Framework Plugin (versions 1.0.2 and earlier). The issue arises when a form validation endpoint lets users specify the path to the play command on the Jenkins master, enabling an OS command injection vulnerability exploitable by users who can place a file o...
PT-2020-15414 · Jenkins · Jenkins Play Framework Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Play Framework Plugin versions 1.0.2 and earlier Description: The issue concerns an OS command injection vulnerability. It occurs because a form validation endpoint in the Play Framework Plugin executes the play command to validate a...
Lightbend Play Framework Information Disclosure Vulnerability
Lightbend Play Framework is the United States Lightbend company a use of Scala language written in the Web application framework. An information disclosure vulnerability exists in Lightbend Play Framework versions 2.5.x through 2.6.23. The vulnerability stems from an error in configuration or oth...