Vulnerabilities > Lightbend > Play Framework > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-02 | CVE-2022-31023 | Unspecified vulnerability in Lightbend Play Framework Play Framework is a web framework for Java and Scala. | 7.5 |
| 2022-06-02 | CVE-2022-31018 | Unspecified vulnerability in Lightbend Play Framework Play Framework is a web framework for Java and Scala. | 7.5 |
| 2020-11-06 | CVE-2020-27196 | Out-of-bounds Write vulnerability in Lightbend Play Framework An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. | 7.5 |
| 2020-11-06 | CVE-2020-26883 | Uncontrolled Recursion vulnerability in Lightbend Play Framework In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. | 7.5 |
| 2020-11-06 | CVE-2020-26882 | Uncontrolled Recursion vulnerability in Lightbend Play Framework In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. | 7.5 |
| 2019-11-05 | CVE-2019-17598 | Inadequate Encryption Strength vulnerability in Lightbend Play Framework An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. | 7.5 |
| 2018-07-17 | CVE-2018-13864 | Path Traversal vulnerability in Lightbend Play Framework A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. | 7.5 |
| 2017-10-18 | CVE-2015-2156 | Improper Input Validation vulnerability in multiple products Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters. | 7.5 |