Vulnerabilities > Lightbend > Play Framework > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-31023 Information Exposure Through an Error Message vulnerability in Lightbend Play Framework
Play Framework is a web framework for Java and Scala.
network
low complexity
lightbend CWE-209
5.0
5.0
2022-06-02 CVE-2022-31018 Resource Exhaustion vulnerability in Lightbend Play Framework
Play Framework is a web framework for Java and Scala.
network
low complexity
lightbend CWE-400
5.0
5.0
2020-12-03 CVE-2020-28923 Unspecified vulnerability in Lightbend Play Framework
An issue was discovered in Play Framework 2.8.0 through 2.8.4.
network
low complexity
lightbend
4.0
4.0
2020-11-06 CVE-2020-27196 Out-of-bounds Write vulnerability in Lightbend Play Framework
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2.
network
low complexity
lightbend CWE-787
5.0
5.0
2020-11-06 CVE-2020-26883 Uncontrolled Recursion vulnerability in Lightbend Play Framework
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.
network
low complexity
lightbend CWE-674
5.0
5.0
2020-11-06 CVE-2020-26882 Uncontrolled Recursion vulnerability in Lightbend Play Framework
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.
network
low complexity
lightbend CWE-674
5.0
5.0
2020-08-17 CVE-2020-12480 Cross-Site Request Forgery (CSRF) vulnerability in Lightbend Play Framework
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
network
lightbend CWE-352
4.3
4.3
2019-11-05 CVE-2019-17598 Inadequate Encryption Strength vulnerability in Lightbend Play Framework
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23.
network
lightbend CWE-326
4.3
4.3
2018-07-17 CVE-2018-13864 Path Traversal vulnerability in Lightbend Play Framework
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows.
network
low complexity
lightbend microsoft CWE-22
5.0
5.0