135 matches found
CVE-2020-12480
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...
CVE-2022-31018
Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the...
EUVD-2020-0524
Malware in sbrugna...
EUVD-2020-0613
Malware in sbrugna...
EUVD-2022-6163
Malicious code in bioql PyPI...
EUVD-2022-1032
Malicious code in bioql PyPI...
EUVD-2022-1166
Malicious code in bioql PyPI...
EUVD-2022-1198
Malicious code in bioql PyPI...
EUVD-2022-6107
Malicious code in bioql PyPI...
EUVD-2022-2289
Malicious code in bioql PyPI...
EUVD-2022-4073
Malicious code in bioql PyPI...
EUVD-2022-1119
Malicious code in bioql PyPI...
EUVD-2022-5280
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2015-2156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow...
CVE-2022-31023
Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by...
CVE-2020-27196
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint that may or may not expect JSON payloads causes a StackOverflowError and Denial of...
CVE-2019-17598
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...
CVE-2023-47640 Insecure Use of HMAC-SHA1 For Session Signing in datahub
DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources i.e. state level actors with large computational capabilities...
CVE-2023-47628
DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a...
CVE-2023-47628 Session Expiration Misconfiguration in datahub
DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a...