Play Framework 1 XSS Vulnerability


James Roper

May 6, 2015, 3:47:11 AM
to play-framew...@googlegroups.com
A security vulnerability has been found in Play Framework versions 1.2.0 to 1.3.0.  It affects any applications that place user data into URLs generated by Play and rendered on HTML pages.

This vulnerability has been fixed in Play 1.3.1, 1.2.7.2, 1.2.6.1 and 1.2.5.5, and workarounds have been published for other affected versions.

The Play team recommends that all Play 1 users upgrade to a fixed version or implement the published workaround immediately.

For details on this vulnerability, including the workarounds, please see the vulnerability advisory on the Play website:


Regards,

--
James Roper
Software Engineer

Typesafe – Build reactive apps!
Twitter: @jroper