Known Vulnerabilities for Play Framework by Lightbend
Listed below are 10 of the newest known vulnerabilities associated with "Play Framework" by "Lightbend".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-31023 json | Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages ... | 7.5 - HIGH | 2022-06-02 | 2022-06-11 |
| CVE-2022-31018 json | Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 ... | 7.5 - HIGH | 2022-06-02 | 2022-06-13 |
| CVE-2020-28923 json | An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to D... | 2.7 - LOW | 2020-12-03 | 2020-12-07 |
| CVE-2020-27196 json | An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a... | 7.5 - HIGH | 2020-11-06 | 2020-11-13 |
| CVE-2020-26883 json | In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted J... | 7.5 - HIGH | 2020-11-06 | 2020-11-10 |
| CVE-2020-26882 json | In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON inpu... | 7.5 - HIGH | 2020-11-06 | 2020-11-10 |
| CVE-2020-12480 json | In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that... | 6.5 - MEDIUM | 2020-08-17 | 2020-08-24 |
| CVE-2019-17598 json | An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authentic... | 7.5 - HIGH | 2019-11-05 | 2020-08-24 |
| CVE-2018-13864 json | A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in... | 7.5 - HIGH | 2018-07-17 | 2019-11-25 |
| CVE-2015-2156 json | Not Provided | 2017-10-18 | 2025-04-20 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Lightbend | Play Framework | 2.8.5 | |||
| Application | Lightbend | Play Framework | 2.8.4 | |||
| Application | Lightbend | Play Framework | 2.8.3 | |||
| Application | Lightbend | Play Framework | 2.8.2 | |||
| Application | Lightbend | Play Framework | 2.8.1 | |||
| Application | Lightbend | Play Framework | 2.8.0 | |||
| Application | Lightbend | Play Framework | 2.8.0 | |||
| Application | Lightbend | Play Framework | 2.8.0 | |||
| Application | Lightbend | Play Framework | 2.8.0 | |||
| Application | Lightbend | Play Framework | 2.8.0 | |||
| Application | Lightbend | Play Framework | 2.8.0 | |||
| Application | Lightbend | Play Framework | 2.8.0 | |||
| Application | Lightbend | Play Framework | 2.8.0 | |||
| Application | Lightbend | Play Framework | 2.8.0 | |||
| Application | Lightbend | Play Framework | 2.8.0 | |||
| Application | Lightbend | Play Framework | 2.8.0 | |||
| Application | Lightbend | Play Framework | 2.7.7 | |||
| Application | Lightbend | Play Framework | 2.7.6 | |||
| Application | Lightbend | Play Framework | 2.7.5 | |||
| Application | Lightbend | Play Framework | 2.7.4 |