Maven package
com.typesafe.play/play_2.12
pkg:maven/com.typesafe.play/play_2.12
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31023 | — | | | < 2.8.16 | 2.8.16 | Jun 2, 2022 | Play Framework is a web framework for Java and Scala. Versions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play d |
| CVE-2022-31018 | — | | | >= 2.8.3, < 2.8.16 | 2.8.16 | Jun 2, 2022 | Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in versions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` method on a JSON reque |
| CVE-2020-12480 | — | | | < 2.7.5 | 2.7.5 | Aug 17, 2020 | In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed. |
| CVE-2018-13864 | High | 7.5 | | >= 2.6.12, < 2.6.16 | 2.6.16 | Jul 17, 2018 | A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests. |