Vulmon
lightbend vulnerabilities and exploits
4.3
CVSSv2
CVE-2020-12480
In Play Framework 2.6.0 up to and including 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Lightbend Play Framework
5
CVSSv2
CVE-2022-31018
Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in versions 2.8.3 up to and including 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` metho...
Lightbend Play Framework
5
CVSSv2
CVE-2020-27196
An issue exists in PlayJava in Play Framework 2.6.0 up to and including 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOver...
Lightbend Play Framework
5
CVSSv2
CVE-2020-26882
In Play Framework 2.6.0 up to and including 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.
Lightbend Play Framework
5
CVSSv2
CVE-2020-26883
In Play Framework 2.6.0 up to and including 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.
Lightbend Play Framework
4
CVSSv2
CVE-2020-28923
An issue exists in Play Framework 2.8.0 up to and including 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version before 2.8.0 that used the Play Java API to serialize classes with protected or pri...
Lightbend Play Framework
4.3
CVSSv2
CVE-2019-17598
An issue exists in Lightbend Play Framework 2.5.x up to and including 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the ta...
Lightbend Play Framework
5
CVSSv2
CVE-2022-31023
Play Framework is a web framework for Java and Scala. Versions before 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play doe...
Lightbend Play Framework
7.8
CVSSv2
CVE-2018-16131
The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x up to and including 10.1.4 and 10.0.x up to and including 10.0.13 allow remote malicious users to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb.
Lightbend Akka Http