Lucene search

Veracode Vulnerability DatabaseVERACODE:27933

HistoryNov 20, 2020 - 3:44 a.m.

Information Disclosure

2020-11-2003:44:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

play-java is vulnerable to information disclosure. The vulnerability exists when performing JSON serialization of classes with protected or private fields through the Java API.

CPENameOperatorVersion
play-javale2.8.4
play-javale2.8.4

CPE	Name	Operator	Version
	play-java	le	2.8.4
	play-java	le	2.8.4

References

github.com/playframework/playframework/commit/3c4efe218dd8c3f434b2af16d9439052d79d7607

www.playframework.com/security/vulnerability

www.playframework.com/security/vulnerability/CVE-2020-28923-ImproperRemovalofSensitiveInformationBeforeStorageorTransfer

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Related for VERACODE:27933