com.typesafe.play:play

Maven4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting com.typesafe.play:playpage 1 of 1

CVE-2020-26882HIGHCVSS 7.5EG 7.5✓ Fixed in 2.8.3
2020-11-06
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.
CVE-2020-26883HIGHCVSS 7.5EG 7.5✓ Fixed in 2.8.3
2020-11-06
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.
CVE-2020-27196HIGHCVSS 7.5EG 7.5✓ Fixed in 2.8.3
2020-11-06
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not exp…
CVE-2020-28923LOWCVSS 2.7EG 2.7✓ Fixed in 2.8.5
2020-12-03
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to …

Check whether com.typesafe.play:play is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.typesafe.play:play CVEs against the assets you own.

Start Free Scan →