XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:08
Type | Values Removed | Values Added |
---|---|---|
References | () https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ - | |
References | () https://groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ - | |
References | () https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf - Issue Tracking, Third Party Advisory | |
References | () https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity - Issue Tracking, Mitigation, Vendor Advisory |
07 Nov 2023, 02:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-12-29 22:29
Updated : 2024-11-21 02:08
NVD link : CVE-2014-3630
Mitre link : CVE-2014-3630
CVE.ORG link : CVE-2014-3630
JSON object : View
Products Affected
lightbend
- play_framework
playframework
- play_framework
CWE
CWE-611
Improper Restriction of XML External Entity Reference