PT-2017-5880 · Lightbend · Play

David Jorm · Published 2017-12-29 · Updated 2019-11-25 · CVE-2014-3630

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Play versions prior to 2.2.6; Play versions 2.3.x prior to 2.3.5
Description: The issue is related to an XML external entity (XXE) vulnerability in the Java XML processing functionality. This might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
Recommendations: For Play versions prior to 2.2.6, update to version 2.2.6 or later. For Play versions 2.3.x prior to 2.3.5, update to version 2.3.5 or later.
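
One way to check a project against the affected ranges above, as an added example (not part of the original advisory or of Play's own code). It assumes the Play version is pinned through the sbt-plugin line in project/plugins.sbt; the function names and the sample file content are constructed for illustration.

```python
import re

# Fixed releases taken from the advisory text: 2.2.6, and 2.3.5 for the 2.3.x line.
FIXED_22 = (2, 2, 6)
FIXED_23 = (2, 3, 5)

# Assumption: the version is declared as addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "X.Y.Z")
# (older projects use the bare "play" group id).
PLUGIN_RE = re.compile(
    r'addSbtPlugin\(\s*"(?:com\.typesafe\.)?play"\s*%\s*"sbt-plugin"\s*%\s*"([^"]+)"\s*\)'
)
VERSION_RE = re.compile(r'^(\d+)\.(\d+)(?:\.(\d+))?(.*)$')

# Constructed sample input, not taken from a real project.
SAMPLE = '''\
// addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.3.7")
addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.3.4")
'''

def classify(version_text):
    """Return 'affected', 'not affected' or 'unknown' for a Play version string."""
    m = VERSION_RE.match(version_text.strip())
    if not m:
        return "unknown"
    nums = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    qualifier = m.group(4)
    # A qualified build of a fixed release (e.g. 2.3.5-RC1) precedes that release.
    if qualifier and nums in (FIXED_22, FIXED_23):
        return "affected"
    if nums < FIXED_22:                      # everything prior to 2.2.6
        return "affected"
    if (2, 3, 0) <= nums < FIXED_23:         # 2.3.x prior to 2.3.5
        return "affected"
    return "not affected"

def audit_plugins_sbt(content):
    """Return [(version, verdict)] for each active Play sbt-plugin declaration."""
    results = []
    for line in content.splitlines():
        if line.lstrip().startswith("//"):   # skip commented-out declarations
            continue
        m = PLUGIN_RE.search(line)
        if m:
            results.append((m.group(1), classify(m.group(1))))
    return results

if __name__ == "__main__":
    for version, verdict in audit_plugins_sbt(SAMPLE):
        print(f"Play {version}: {verdict} (CVE-2014-3630)")
```

An empty result means no literal version was found on a plugin line, so the version has to be confirmed another way before the project is treated as unaffected.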

Fix

DoS

XXE


Weakness Enumeration

Related Identifiers

CVE-2014-3630

Affected Products

Play