Lucene search
K

135 matches found

CNNVD
CNNVD
added 2022/06/02 12:0 a.m.6 views

Lightbend Play Framework 资源管理错误漏洞

Lightbend Play Framework is a web application framework written in the Scala language from Lightbend, Inc. A resource management error vulnerability exists in Lightbend Play Framework versions 2.8.3 through 2.8.15, which results in a denial of service when using the FormbindFromRequest method on...

7.5CVSS7.3AI score0.01573EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 10:1 p.m.48 views

GHSA-442G-GCG6-MHM4 Play Framework Inadequate Encryption Strength vulnerability

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...

7.5CVSS5.9AI score0.00698EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 10:1 p.m.20 views

Play Framework Inadequate Encryption Strength vulnerability

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...

7.5CVSS1.2AI score0.00698EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 5:19 p.m.14 views

GHSA-H5MV-FV98-GQMQ OS command injection vulnerability in Jenkins Play Framework Plugin

A form validation endpoint in Play Framework Plugin executes the play command to validate a given input file. Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins controller. This results in an OS command injection vulnerability exploitable by use...

8.8CVSS8.9AI score0.02422EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:19 p.m.29 views

OS command injection vulnerability in Jenkins Play Framework Plugin

A form validation endpoint in Play Framework Plugin executes the play command to validate a given input file. Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins controller. This results in an OS command injection vulnerability exploitable by use...

8.8CVSS8.7AI score0.02422EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/14 2:54 a.m.7 views

com.coherentlogic.fred.client:fred-client-core (=0.9.3), com.coherentlogic.fred.client:fred-client-core-it (=0.9.3) +36 more potentially affected by CVE-2013-6235 via com.jamonapi:jamon (>=1.0 <=2.75)

com.jamonapi:jamon MAVEN version =1.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.1.4, =0.9.0, =0.9.1 and more Source cves: CVE-2013-6235 Source advisory: OSV:GHSA-QPR7-5M63-HQ2Chttps://vulners.com/osv/OSV:GHSA...

4.3CVSS5.8AI score0.02232EPSS
Exploits2
OSV
OSV
added 2022/05/13 1:30 a.m.2 views

GHSA-V4MQ-P756-P4F5 Play Framework's Assets controller vulnerable to directory traversal

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 fixed in 2.6.16 when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...

7.5CVSS7.1AI score0.03418EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/13 1:30 a.m.24 views

Play Framework's Assets controller vulnerable to directory traversal

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 fixed in 2.6.16 when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...

7.5CVSS5.6AI score0.03418EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/02/11 9:13 a.m.21 views

Denial Of Service (DoS)

Play Framework is vulnerable to denial of service. The vulnerability exists in fromJson function of form.scala due to unbounded recursion during json parsing which allows an attacker to cause a stack overflow by sending a crafted json document that leads to an application crash...

7.5CVSS4.2AI score0.01386EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/02/10 8:23 p.m.24 views

GHSA-R8RM-4HFJ-2X87 Data Amplification in Play Framework

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...

7.5CVSS7.5AI score0.01386EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/02/10 8:23 p.m.34 views

Data Amplification in Play Framework

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...

7.5CVSS7.3AI score0.01386EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 8:23 p.m.46 views

Out-of-bounds Write in Play Framework

An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint that may or may not expect JSON payloads causes a StackOverflowError and Denial of...

7.5CVSS7.2AI score0.01386EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2022/02/10 8:23 p.m.39 views

GHSA-P8P6-RCP6-4MRM Uncontrolled Recursion in Play Framework

In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents...

7.5CVSS7.5AI score0.01386EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/02/10 8:23 p.m.37 views

Uncontrolled Recursion in Play Framework

In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents...

7.5CVSS7.3AI score0.01386EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2022/02/09 10:54 p.m.21 views

GHSA-V9MF-JGQ3-C28H Data Amplification in Play Framework

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

2.7CVSS3.4AI score0.00957EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/02/09 10:54 p.m.51 views

Data Amplification in Play Framework

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

4CVSS4.6AI score0.00957EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2020/12/03 5:15 p.m.42 views

CVE-2020-28923

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

4CVSS3.6AI score0.00957EPSS
Exploits0References2
OSV
OSV
added 2020/12/03 5:15 p.m.42 views

CVE-2020-28923

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

2.7CVSS6.7AI score0.00957EPSS
Exploits0References2
Prion
Prion
added 2020/12/03 5:15 p.m.19 views

Code injection

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

4CVSS3.8AI score0.00957EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/12/03 4:21 p.m.63 views

CVE-2020-28923

Summary: CVE-2020-28923 affects Play Framework 2.8.0–2.8.4 via Data Amplification when carefully crafted JSON payloads are sent as a form field, impacting users migrating from Play Java API-based JSON serialization of classes with protected/private fields. The vulnerability description and relate...

4CVSS3.7AI score0.00957EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder