← Back

Play Framework

play_framework

Vendor: Playframework • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2014-3630
2Lightbend
Playframework
2Play Framework
Play Framework
May 13, 2026
Dec 29, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspec...Show more
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.Show less
CVE-2015-2156
3Lightbend
NettyPlayframework
3Netty
Play FrameworkPlay Framework
May 13, 2026
Oct 18, 2017
N/A· v4
7.5 HIGH· v3
4.3 MEDIUM· v2
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and ob...Show more
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.Show less