Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lightbend vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2021-23339
This affects all versions prior to 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.
Lightbend Akka-http
445
VMScore
CVE-2020-26883
In Play Framework 2.6.0 up to and including 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.
Lightbend Play Framework
445
VMScore
CVE-2020-27196
An issue exists in PlayJava in Play Framework 2.6.0 up to and including 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOver...
Lightbend Play Framework
445
VMScore
CVE-2022-31023
Play Framework is a web framework for Java and Scala. Verions before 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play doe...
Lightbend Play Framework
383
VMScore
CVE-2019-17598
An issue exists in Lightbend Play Framework 2.5.x up to and including 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the ta...
Lightbend Play Framework
NA
CVE-2023-29471
Lightbend Alpakka Kafka prior to 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
Lightbend Alpakka Kafka
383
VMScore
CVE-2020-12480
In Play Framework 2.6.0 up to and including 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Lightbend Play Framework
445
VMScore
CVE-2022-31018
Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 up to and including 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` metho...
Lightbend Play Framework
445
VMScore
CVE-2020-26882
In Play Framework 2.6.0 up to and including 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.
Lightbend Play Framework
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2