3 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. • https://github.com/playframework/playframework/pull/11305 https://github.com/playframework/playframework/releases/tag/2.8.16 https://github.com/playframework/playframework/security/advisories/GHSA-p9p4-97g9-wcrh • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` method on a JSON request body or the `Form#bind` method directly on a JSON value. If the JSON data being bound to the form contains a deeply-nested JSON object or array, the form binding implementation may consume all available heap space and cause an `OutOfMemoryError`. If executing on the default dispatcher and `akka.jvm-exit-on-fatal-error` is enabled—as it is by default—then this can crash the application process. • https://github.com/playframework/playframework/pull/11301 https://github.com/playframework/playframework/releases/tag/2.8.16 https://github.com/playframework/playframework/security/advisories/GHSA-v8x6-59g4-5g3w • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON. Se detectó un problema en Play Framework versiones 2.8.0 hasta 2.8.4. Las cargas útiles JSON cuidadosamente diseñadas enviadas como un campo de formulario conllevan a una Amplificación de Datos. • https://www.playframework.com/security/vulnerability https://www.playframework.com/security/vulnerability/CVE-2020-28923-ImproperRemovalofSensitiveInformationBeforeStorageorTransfer •