Critical severity9.8NVD Advisory· Published Dec 29, 2017· Updated May 13, 2026
CVE-2014-3630
CVE-2014-3630
Description
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
Affected products
24cpe:2.3:a:lightbend:play_framework:2.2.0:-:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:lightbend:play_framework:2.2.0:-:*:*:*:*:*:*
- cpe:2.3:a:lightbend:play_framework:2.2.0:milestone1:*:*:*:*:*:*
- cpe:2.3:a:lightbend:play_framework:2.2.0:milestone2:*:*:*:*:*:*
- cpe:2.3:a:lightbend:play_framework:2.2.0:milestone3:*:*:*:*:*:*
- cpe:2.3:a:lightbend:play_framework:2.2.1:-:*:*:*:*:*:*
- cpe:2.3:a:lightbend:play_framework:2.2.2:-:*:*:*:*:*:*
- cpe:2.3:a:lightbend:play_framework:2.3.0:-:*:*:*:*:*:*
- cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:lightbend:play_framework:2.3.2:-:*:*:*:*:*:*
- cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*
- cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*
- cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdfnvdIssue TrackingThird Party Advisory
- playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntitynvdIssue TrackingMitigationVendor Advisory
- groups.google.com/forum/nvd
- groups.google.com/forum/nvd
News mentions
0No linked articles in our index yet.