CVE-2020-28923 - Improper removal of sensitive information before storage or transfer
58 views
Skip to first unread message
Ignasi Marimon-Clos i Sunyol
Nov 23, 2020, 5:35:19 AM11/23/20
to play-framew...@googlegroups.com
Play JSON handling on the Java API serializes private and protected fields.
This vulnerability affects Play 2.8.0 to 2.8.4.
This issue is fixed on Play 2.8.5. Please upgrade as soon as possible to avoid this security issue.
For details on this vulnerability, please see the advisory on the Play website:
https://www.playframework.com/security/vulnerability/CVE-2020-28923-ImproperRemovalofSensitiveInformationBeforeStorageorTransfer
--
Ignasi Marimon-Clos
Senior Engineer @ Akka team
This vulnerability affects Play 2.8.0 to 2.8.4.
This issue is fixed on Play 2.8.5. Please upgrade as soon as possible to avoid this security issue.
For details on this vulnerability, please see the advisory on the Play website:
https://www.playframework.com/security/vulnerability/CVE-2020-28923-ImproperRemovalofSensitiveInformationBeforeStorageorTransfer
--
Ignasi Marimon-Clos
Senior Engineer @ Akka team
Reply all
Reply to author
Forward
0 new messages