XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-12-29 22:29
Updated : 2024-02-28 16:04
NVD link : CVE-2014-3630
Mitre link : CVE-2014-3630
CVE.ORG link : CVE-2014-3630
JSON object : View
Products Affected
lightbend
- play_framework
playframework
- play_framework
CWE
CWE-611
Improper Restriction of XML External Entity Reference