135 matches found
Lightbend Play Framework 资源管理错误漏洞
Lightbend Play Framework is a web application framework written in the Scala language from Lightbend, Inc. A resource management error vulnerability exists in Lightbend Play Framework versions 2.8.3 through 2.8.15, which results in a denial of service when using the FormbindFromRequest method on...
GHSA-442G-GCG6-MHM4 Play Framework Inadequate Encryption Strength vulnerability
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...
Play Framework Inadequate Encryption Strength vulnerability
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...
GHSA-H5MV-FV98-GQMQ OS command injection vulnerability in Jenkins Play Framework Plugin
A form validation endpoint in Play Framework Plugin executes the play command to validate a given input file. Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins controller. This results in an OS command injection vulnerability exploitable by use...
OS command injection vulnerability in Jenkins Play Framework Plugin
A form validation endpoint in Play Framework Plugin executes the play command to validate a given input file. Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins controller. This results in an OS command injection vulnerability exploitable by use...
com.coherentlogic.fred.client:fred-client-core (=0.9.3), com.coherentlogic.fred.client:fred-client-core-it (=0.9.3) +36 more potentially affected by CVE-2013-6235 via com.jamonapi:jamon (>=1.0 <=2.75)
com.jamonapi:jamon MAVEN version =1.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.1.4, =0.9.0, =0.9.1 and more Source cves: CVE-2013-6235 Source advisory: OSV:GHSA-QPR7-5M63-HQ2Chttps://vulners.com/osv/OSV:GHSA...
GHSA-V4MQ-P756-P4F5 Play Framework's Assets controller vulnerable to directory traversal
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 fixed in 2.6.16 when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...
Play Framework's Assets controller vulnerable to directory traversal
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 fixed in 2.6.16 when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...
Denial Of Service (DoS)
Play Framework is vulnerable to denial of service. The vulnerability exists in fromJson function of form.scala due to unbounded recursion during json parsing which allows an attacker to cause a stack overflow by sending a crafted json document that leads to an application crash...
GHSA-R8RM-4HFJ-2X87 Data Amplification in Play Framework
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...
Data Amplification in Play Framework
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...
Out-of-bounds Write in Play Framework
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint that may or may not expect JSON payloads causes a StackOverflowError and Denial of...
GHSA-P8P6-RCP6-4MRM Uncontrolled Recursion in Play Framework
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents...
Uncontrolled Recursion in Play Framework
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents...
GHSA-V9MF-JGQ3-C28H Data Amplification in Play Framework
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...
Data Amplification in Play Framework
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...
CVE-2020-28923
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...
CVE-2020-28923
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...
Code injection
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...
CVE-2020-28923
Summary: CVE-2020-28923 affects Play Framework 2.8.0–2.8.4 via Data Amplification when carefully crafted JSON payloads are sent as a form field, impacting users migrating from Play Java API-based JSON serialization of classes with protected/private fields. The vulnerability description and relate...