MidnightBSD

Advisories for playframework

CVE-2014-3630 HIGH

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
lightbend play_framework 2.2.1
lightbend play_framework 2.3.3
playframework play_framework 2.2.5
lightbend play_framework 2.3.0
lightbend play_framework 2.2.0
lightbend play_framework 2.2.2
lightbend play_framework 2.3.1
lightbend play_framework 2.3.4
playframework play_framework 2.2.3
lightbend play_framework 2.3.2
playframework play_framework 2.2.1
playframework play_framework 2.2.2
playframework play_framework 2.2.0
playframework play_framework 2.2.4
CVE-2015-2156 MEDIUM

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netty netty 4.0.20
netty netty 4.0.9
lightbend play_framework 2.3.8
netty netty 4.0.8
netty netty 4.1.0
netty netty *
playframework play_framework 2.1.3
playframework play_framework 2.1.1
netty netty 3.10.2
netty netty 4.0.27
netty netty 4.0.12
netty netty 4.0.15
playframework play_framework 2.3
playframework play_framework 2.1.6
lightbend play_framework 2.3.5
netty netty 4.0.22
netty netty 4.0.13
lightbend play_framework 2.3.7
lightbend play_framework 2.3.3
playframework play_framework 2.0.1
netty netty 4.0.19
netty netty 4.0.25
lightbend play_framework 2.3.1
netty netty 4.0.3
lightbend play_framework 2.0.4
lightbend play_framework 2.3.4
netty netty 4.0.6
netty netty 4.0.11
netty netty 4.0.18
netty netty 3.10.1
lightbend play_framework 2.0.5
lightbend play_framework 2.0
netty netty 4.0.5
lightbend play_framework 2.0.7
netty netty 4.0.2
netty netty 4.0.26
lightbend play_framework 2.3.6
netty netty 4.0.23
netty netty 4.0.0
lightbend play_framework 2.3.0
netty netty 3.10.0
netty netty 4.0.14
lightbend play_framework 2.0.6
netty netty 4.0.16
lightbend play_framework 2.3.2
playframework play_framework 2.1.2
playframework play_framework 2.2.1
netty netty 4.0.7
lightbend play_framework 2.1.0
lightbend play_framework 2.2.6
playframework play_framework 2.2.2
lightbend play_framework 2.0.3
lightbend play_framework 2.1.1
playframework play_framework 2.0
lightbend play_framework 2.2.1
playframework play_framework 2.2.5
netty netty 4.0.21
netty netty 4.0.24
lightbend play_framework 2.2.0
netty netty 4.0.17
lightbend play_framework 2.0.2
lightbend play_framework 2.2.2
netty netty 4.0.4
playframework play_framework 2.1.4
netty netty 4.0.10
playframework play_framework 2.2.3
lightbend play_framework 2.0.8
playframework play_framework 2.2.0
playframework play_framework 2.2.4
playframework play_framework 2.1.5
netty netty 4.0.1