VYPR

Play Framework

by Lightbend

CVEs (2)

  • CVE-2014-3630CriDec 29, 2017
    risk 0.64cvss 9.8epss 0.03

    XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.

  • CVE-2015-2156HigOct 18, 2017
    risk 0.42cvss 7.5epss 0.05

    Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper…