Vulnerabilities (CVE)

Filtered by vendor Playframework Subscribe
Filtered by product Play Framework
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-2156 3 Lightbend, Netty, Playframework 3 Play Framework, Netty, Play Framework 2024-11-21 4.3 MEDIUM 7.5 HIGH
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
CVE-2014-3630 2 Lightbend, Playframework 2 Play Framework, Play Framework 2024-11-21 7.5 HIGH 9.8 CRITICAL
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.