Meta tags:
description= Play Framework - The High Velocity Web Framework For Java and Scala;
Headings (most frequently used words):
play, in, fixed, vulnerability, cve, xmlexternalentity, xml, external, entity, xss, 2020, session, json, parse, filter, bypass, ws, improper, csrf, http, 20171005, corsvaryheader, vary, header, handling, cors, 2014, 3630, 20130920, 20130911, 20130806, sessioninjection, injection, 20160301, xsssecuremodule, the, secure, module, login, page, 20151230, sessionhijack, hijack, 20150506, xssurlparamerter, url, parameter, 16, of, denial, service, stack, 24, to, 18, 14, 11, 26882, jsonparsedataamplification, data, amplification, 26883, jsonparseuncontrolledrecursion, uncontrolled, recursion, 27196, dosviajsonstackoverflow, dos, via, overflow, 12480, csrfblacklistbypass, content, type, black, list, 2019, 17598, playwshttpconnectauthorizationheaders, sending, connect, including, authorizing, headers, target, host, 2018, 13864, pathtraversal, path, traversal, assets, controller, 20170828, invaliduriparsing, asynchttpclient, and, uri, parsing, 20170407, logbackdeser, java, deserialization, logback, socketappender, 20170120, wsoauthdos, oauth, 20160304, csrfbypass, 20160622, javascriptrouterxss, javascript, router, 2015, 2156, httponlybypass, only, cookie, 2022, security, vulnerabilities, 31018, when, binding, forms, from, 31023, dev, error, trace, leaking, into, prod, 28923, improperremovalofsensitiveinformationbeforestorageortransfer, removal, sensitive, information, before, storage, or, transfer, community, receiving, advisories, reporting, documentation, find, help, contribute, support, donate, our, collective, framework, links, code, contribution, social, networks,
Text of the page (most frequently used words):
play (59), fixed (30), #vulnerability (16), cve (16), security (11), 2020 (9), the (8), json (7), xml (6), external (6), #entity (6), xmlexternalentity (6), list (6), parse (6), and (5), xss (5), code (4), documentation (4), forum (4), vulnerabilities (4), stack (4), session (4), bypass (4), filter (4), png (4), svg (4), framework (3), collective (3), get (3), involved (3), via (3), community (3), discord (3), discuss (3), overflow (3), csrf (3), improper (3), open (2), twitter (2), github (2), contributors (2), try (2), you (2), our (2), stackoverflow (2), reporting (2), server (2), advisories (2), first (2), url (2), parameter (2), 20150506 (2), xssurlparamerter (2), hijack (2), 20151230 (2), sessionhijack (2), secure (2), module (2), login (2), page (2), 20160301 (2), xsssecuremodule (2), injection (2), 20130806 (2), sessioninjection (2), 20130911 (2), 20130920 (2), 2014 (2), 3630 (2), http (2), only (2), denial (2), service (2), vary (2), header (2), handling (2), cors (2), 20171005 (2), corsvaryheader (2), content (2), type (2), black (2), 12480 (2), csrfblacklistbypass (2), dos (2), 27196 (2), dosviajsonstackoverflow (2), uncontrolled (2), recursion (2), 26883 (2), jsonparseuncontrolledrecursion (2), data (2), amplification (2), 26882 (2), jsonparsedataamplification (2), before (2), 2022 (2), all (2), email (2), core (2), team (2), mailing (2), released, under, apache, license, social, networks, bug, tracker, contribution, jobs, indeed, links, tutorials, like, consider, becoming, sponsor, donate, support, process, conduct, contribute, find, help, change, log, full, build, your, app, requirements, cookie, 2015, 2156, httponlybypass, javascript, router, 20160622, javascriptrouterxss, 20160304, csrfbypass, oauth, 20170120, wsoauthdos, java, deserialization, logback, socketappender, 20170407, logbackdeser, asynchttpclient, uri, parsing, 20170828, invaliduriparsing, path, traversal, assets, controller, 2018, 13864, pathtraversal, sending, connect, including, authorizing, headers, target, host, 2019, 17598, playwshttpconnectauthorizationheaders, removal, sensitive, information, storage, transfer, 28923, improperremovalofsensitiveinformationbeforestorageortransfer, dev, error, trace, leaking, into, prod, 31023, when, binding, forms, from, 31018, bugs, should, reported, this, delivered, subset, who, handle, issues, protected, strongly, encourage, people, report, such, problems, private, disclosing, them, public, very, low, traffic, receives, notifications, after, reports, have, been, managed, fixes, are, publicly, available, best, way, receive, any, announcements, subscribe, receiving, that, what, looking, for,
Text of the page (random words):
play security vulnerabilities play framework try play documentation get involved open collective discuss play forum play discord server twitter github stackoverflow is that what you re looking for svg png svg png svg png svg png security vulnerabilities receiving security advisories the best way to receive any and all security announcements is to subscribe to the play security list the mailing list is very low traffic and receives notifications only after security reports have been managed by the core team and fixes are publicly available reporting vulnerabilities we strongly encourage people to report such problems to our private security mailing list first before disclosing them in a public forum all security bugs in play should be reported by email to email protected this list is delivered to a subset of the core team who handle security issues play 2 8 x fixed in play 2 8 16 cve 2022 31018 denial of service when binding forms from json cve 2022 31023 dev error stack trace leaking into prod fixed in play 2 8 5 cve 2020 28923 improperremovalofsensitiveinformationbeforestorageortransfer improper removal of sensitive information before storage or transfer fixed in play 2 8 3 cve 2020 26882 jsonparsedataamplification json parse data amplification cve 2020 26883 jsonparseuncontrolledrecursion json parse uncontrolled recursion cve 2020 27196 dosviajsonstackoverflow dos via json parse stack overflow fixed in play 2 8 2 cve 2020 12480 csrfblacklistbypass play csrf filter content type black list bypass play 2 7 x fixed in play 2 7 6 cve 2020 26882 jsonparsedataamplification json parse data amplification cve 2020 26883 jsonparseuncontrolledrecursion json parse uncontrolled recursion cve 2020 27196 dosviajsonstackoverflow dos via json parse stack overflow fixed in play 2 7 5 cve 2020 12480 csrfblacklistbypass play csrf filter content type black list bypass play 2 6 x fixed in play 2 6 24 cve 2019 17598 playwshttpconnectauthorizationheaders play ws sending http connect including authorizing headers to target host fixed in play 2 6 16 cve 2018 13864 pathtraversal path traversal in assets controller fixed in play 2 6 6 20171005 corsvaryheader improper vary header handling in cors filter fixed in play 2 6 5 20170828 invaliduriparsing asynchttpclient and play ws uri parsing vulnerability play 2 5 x fixed in play 2 5 18 20171005 corsvaryheader improper vary header handling in cors filter fixed in play 2 5 14 20170407 logbackdeser java deserialization vulnerability in logback socketappender fixed in play 2 5 11 20170120 wsoauthdos ws oauth denial of service play 2 4 x fixed in play 2 5 0 20160304 csrfbypass csrf bypass fixed in play 2 4 8 20160622 javascriptrouterxss javascript router xss play 2 3 x fixed in play 2 3 9 cve 2015 2156 httponlybypass http only cookie bypass fixed in play 2 3 5 cve 2014 3630 xmlexternalentity xml external entity vulnerability play 2 2 x fixed in play 2 2 6 cve 2014 3630 xmlexternalentity xml external entity vulnerability play 2 1 x fixed in play 2 1 5 20130920 xmlexternalentity xml external entity vulnerability fixed in play 2 1 4 20130911 xmlexternalentity xml external entity vulnerability fixed in play 2 1 3 20130806 sessioninjection session injection vulnerability play 2 0 x fixed in play 2 0 8 20130920 xmlexternalentity xml external entity vulnerability fixed in play 2 0 7 20130911 xmlexternalentity xml external entity vulnerability fixed in play 2 0 6 20130806 sessioninjection session injection vulnerability play 1 4 x fixed in play 1 4 2 20160301 xsssecuremodule xss vulnerability in the secure module login page fixed in play 1 4 1 20151230 sessionhijack session hijack vulnerability play 1 3 x fixed in play 1 3 4 20160301 xsssecuremodule xss vulnerability in the secure module login page fixed in play 1 3 3 20151230 sessionhijack session hijack vulnerability fixed in play 1 3 1 20150506 xssurlparamerter xss url parameter vulnerability play 1 2 x fixed in play 1 2 7 2 20150506 xssurlparamerter xss url parameter vulnerability documentation play requirements build your first app full documentation change log security advisories find help discuss play forum discord server stack overflow contribute code and contributors code of conduct get involved community process reporting security vulnerabilities community support discuss forum discord stackoverflow donate to our collective if you like play consider becoming a sponsor play framework try play tutorials documentation community links jobs via indeed code contribution code contributors bug tracker github get involved social networks twitter open collective play framework is released under the apache 2 license
|