CVE-2022-31018 and CVE-2022-31023


Matthias Kurz

Jun 8, 2022, 5:23:39 AM
to play-framew...@googlegroups.com
Hi,

Two vulnerabilities have been found in Play Framework:
CVE-2022-31018 - Denial of service when binding forms from JSON (affecting Play versions 2.8.3-2.8.15)
CVE-2022-31023 - Dev error stack trace leaking into prod (affecting Play versions up to and including 2.8.15)

Both vulnerabilities are fixed in Play 2.8.16.

For details on these vulnerabilities, please have a look at the release notes and the Play GitHub security advisories:
https://github.com/playframework/playframework/releases/tag/2.8.16
https://github.com/playframework/playframework/security/advisories/GHSA-v8x6-59g4-5g3w
https://github.com/playframework/playframework/security/advisories/GHSA-p9p4-97g9-wcrh

Also thanks to our backers and especially to our premium sponsors!
If you want to support us as well, you can find more details here: https://playframework.com/sponsors

Kind regards,

Matthias Kurz
Maintainer Play Framework