A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 up to and including 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote malicious user to download arbitrary files from the target server via specially crafted HTTP requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lightbend play_framework |