Play Framework Security Vulnerabilities and Issues — Play Framework CVE List

Lucene search

LightbendPlay Framework

5 matches found

CVE•added 2020/08/17 9:15 p.m.•60 views

CVE-2020-12480

In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.

6.5CVSS6.4AI score0.00042EPSS

CVE•added 2020/11/06 2:15 p.m.•59 views

CVE-2020-26883

In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.

7.5CVSS7.5AI score0.00526EPSS

CVE•added 2020/11/06 2:15 p.m.•49 views

CVE-2020-27196

An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of...

7.5CVSS7.4AI score0.00526EPSS

CVE•added 2020/11/06 2:15 p.m.•44 views

CVE-2020-26882

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.

7.5CVSS7.5AI score0.00408EPSS

CVE•added 2020/12/03 5:15 p.m.•44 views

CVE-2020-28923

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.

4CVSS3.7AI score0.00182EPSS