Playframework Play Framework vulnerabilities
2 known vulnerabilities affecting playframework/play_framework.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2014-3630CRITICALCVSS 9.8v2.2.0v2.2.1+4 more2017-12-29
CVE-2014-3630 [CRITICAL] CWE-611 CVE-2014-3630: XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
nvd
CVE-2015-2156HIGHCVSS 7.5v2.0v2.0.1+13 more2017-10-18
CVE-2015-2156 [HIGH] CWE-20 CVE-2015-2156: Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
nvd