Playframework Security Vulnerabilities

CVE-2014-3630

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.

9.8 CVSS

9.6 AI Score

0.007 EPSS

2017-12-29 10:29 PM

CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and...

7.5 CVSS

7.3 AI Score

0.006 EPSS

2017-10-18 03:29 PM

CVE-2022-31018

Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in versions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the Form#bindFromRequest method on a JSON request body or the Form#b...

7.5 CVSS

7.5 AI Score

0.002 EPSS

2022-06-02 05:15 PM

CVE-2022-31023

Play Framework is a web framework for Java and Scala. Versions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configu...

7.5 CVSS

7.6 AI Score

0.002 EPSS

2022-06-02 06:15 PM