Sign in Get started

← All vendors

Vendor

Lightbend

Sign in to watch

Products

2

CVEs

3

Across products

3

Status

Private

Products

2

Play Framework
2 CVEs
Akka Management
1 CVE

Recent CVEs

3

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2014-3630	Cri	0.64	9.8	0.01		Dec 29, 2017	XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
CVE-2015-2156	Hig	0.42	7.5	0.03		Oct 18, 2017	Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
CVE-2025-46548		0.00	—	0.02		Jun 3, 2025	If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes this issue. Akka was affected by the same issue and has released the fix in version 1.6.1.