RSS   Podatności dla 'Play framework'   RSS

2017-12-29
 
CVE-2014-3630

CWE-611
 

 
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.

 
2017-10-18
 
CVE-2015-2156

CWE-20
 

 
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

 


Copyright 2024, cxsecurity.com

 

Back to Top