PT-2017-5880 · Lightbend · Play
David Jorm
·
Published
2017-12-29
·
Updated
2019-11-25
·
CVE-2014-3630
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Play versions prior to 2.2.6
Play versions 2.3.x prior to 2.3.5
Description:
The issue is related to an XML external entity (XXE) vulnerability in the Java XML processing functionality. This might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
Recommendations:
For Play versions prior to 2.2.6, update to version 2.2.6 or later.
For Play versions 2.3.x prior to 2.3.5, update to version 2.3.5 or later.
Fix
DoS
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Play