6 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. • https://github.com/playframework/playframework/pull/11305 https://github.com/playframework/playframework/releases/tag/2.8.16 https://github.com/playframework/playframework/security/advisories/GHSA-p9p4-97g9-wcrh • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON. Se detectó un problema en Play Framework versiones 2.8.0 hasta 2.8.4. Las cargas útiles JSON cuidadosamente diseñadas enviadas como un campo de formulario conllevan a una Amplificación de Datos. • https://www.playframework.com/security/vulnerability https://www.playframework.com/security/vulnerability/CVE-2020-28923-ImproperRemovalofSensitiveInformationBeforeStorageorTransfer •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. En Play Framework versiones 2.6.0 hasta 2.8.2, una amplificación de datos puede ocurrir cuando una aplicación acepta una entrada JSON multipart/form-data • https://www.playframework.com/security/vulnerability https://www.playframework.com/security/vulnerability/CVE-2020-26882-JsonParseDataAmplification • CWE-674: Uncontrolled Recursion •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service. Se detectó un problema en PlayJava en Play Framework versiones 2.6.0 hasta 2.8.2. El análisis del cuerpo de peticiones HTTP analiza enérgicamente una carga útil dado un encabezado Content-Type. • https://www.playframework.com/security/vulnerability https://www.playframework.com/security/vulnerability/CVE-2020-27196-DosViaJsonStackOverflow • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. En Play Framework versiones 2.6.0 hasta 2.8.2, el consumo de la pila puede ocurrir debido a una recursividad ilimitada durante el análisis de documentos JSON diseñados • https://www.playframework.com/security/vulnerability https://www.playframework.com/security/vulnerability/CVE-2020-26883-JsonParseUncontrolledRecursion • CWE-674: Uncontrolled Recursion •