High severity7.5NVD Advisory· Published Jul 17, 2018· Updated Jun 17, 2026
CVE-2018-13864
CVE-2018-13864
Description
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.typesafe.play:play_2.12Maven | >= 2.6.12, < 2.6.16 | 2.6.16 |
Affected products
1Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-v4mq-p756-p4f5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-13864ghsaADVISORY
- www.playframework.com/security/vulnerability/CVE-2018-13864-PathTraversalnvdVendor AdvisoryWEB
- discuss.lightbend.com/t/play-2-6-16-released/1575ghsaWEB
News mentions
0No linked articles in our index yet.