Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.typesafe.play/play@2.8.0
Typemaven
Namespacecom.typesafe.play
Nameplay
Version2.8.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.8.3
Latest_non_vulnerable_version2.8.5
Affected_by_vulnerabilities
0
url VCID-378h-ypwm-f7hn
vulnerability_id VCID-378h-ypwm-f7hn
summary 
Uncontrolled Recursion
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.
references
0
reference_url https://github.com/playframework/playframework/pull/10495
reference_id
reference_type
scores
url https://github.com/playframework/playframework/pull/10495
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26882
reference_id CVE-2020-26882
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-26882
2
reference_url https://www.playframework.com/security/vulnerability/CVE-2020-26882-JsonParseDataAmplification
reference_id CVE-2020-26882-JSONPARSEDATAAMPLIFICATION
reference_type
scores
url https://www.playframework.com/security/vulnerability/CVE-2020-26882-JsonParseDataAmplification
3
reference_url https://github.com/advisories/GHSA-r8rm-4hfj-2x87
reference_id GHSA-r8rm-4hfj-2x87
reference_type
scores
url https://github.com/advisories/GHSA-r8rm-4hfj-2x87
fixed_packages
0
url pkg:maven/com.typesafe.play/play@2.8.3
purl pkg:maven/com.typesafe.play/play@2.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play@2.8.3
aliases CVE-2020-26882, GHSA-r8rm-4hfj-2x87
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-378h-ypwm-f7hn
1
url VCID-m5vk-jhf3-xkfw
vulnerability_id VCID-m5vk-jhf3-xkfw
summary 
Data Amplification in Play Framework
An issue was discovered in Play Framework Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play that used the Play Java API to serialize classes with protected or private fields to JSON.
references
0
reference_url https://www.playframework.com/security/vulnerability
reference_id
reference_type
scores
url https://www.playframework.com/security/vulnerability
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28923
reference_id CVE-2020-28923
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-28923
2
reference_url https://www.playframework.com/security/vulnerability/CVE-2020-28923-ImproperRemovalofSensitiveInformationBeforeStorageorTransfer
reference_id CVE-2020-28923-IMPROPERREMOVALOFSENSITIVEINFORMATIONBEFORESTORAGEORTRANSFER
reference_type
scores
url https://www.playframework.com/security/vulnerability/CVE-2020-28923-ImproperRemovalofSensitiveInformationBeforeStorageorTransfer
3
reference_url https://github.com/advisories/GHSA-v9mf-jgq3-c28h
reference_id GHSA-v9mf-jgq3-c28h
reference_type
scores
url https://github.com/advisories/GHSA-v9mf-jgq3-c28h
fixed_packages
0
url pkg:maven/com.typesafe.play/play@2.8.5
purl pkg:maven/com.typesafe.play/play@2.8.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play@2.8.5
aliases CVE-2020-28923, GHSA-v9mf-jgq3-c28h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5vk-jhf3-xkfw
2
url VCID-r21j-tf23-vuh2
vulnerability_id VCID-r21j-tf23-vuh2
summary 
Out-of-bounds Write
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service.
references
0
reference_url https://github.com/playframework/playframework/pull/10321
reference_id
reference_type
scores
url https://github.com/playframework/playframework/pull/10321
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27196
reference_id CVE-2020-27196
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-27196
2
reference_url https://www.playframework.com/security/vulnerability/CVE-2020-27196-DosViaJsonStackOverflow
reference_id CVE-2020-27196-DOSVIAJSONSTACKOVERFLOW
reference_type
scores
url https://www.playframework.com/security/vulnerability/CVE-2020-27196-DosViaJsonStackOverflow
3
reference_url https://github.com/advisories/GHSA-h48w-c35p-6m8x
reference_id GHSA-h48w-c35p-6m8x
reference_type
scores
url https://github.com/advisories/GHSA-h48w-c35p-6m8x
fixed_packages
0
url pkg:maven/com.typesafe.play/play@2.8.3
purl pkg:maven/com.typesafe.play/play@2.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play@2.8.3
aliases CVE-2020-27196, GHSA-h48w-c35p-6m8x
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r21j-tf23-vuh2
3
url VCID-z911-wjbu-kfcf
vulnerability_id VCID-z911-wjbu-kfcf
summary 
Uncontrolled Recursion
In Play Framework, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.
references
0
reference_url https://github.com/playframework/playframework/pull/10495
reference_id
reference_type
scores
url https://github.com/playframework/playframework/pull/10495
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26883
reference_id CVE-2020-26883
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-26883
2
reference_url https://www.playframework.com/security/vulnerability/CVE-2020-26883-JsonParseUncontrolledRecursion
reference_id CVE-2020-26883-JSONPARSEUNCONTROLLEDRECURSION
reference_type
scores
url https://www.playframework.com/security/vulnerability/CVE-2020-26883-JsonParseUncontrolledRecursion
3
reference_url https://github.com/advisories/GHSA-p8p6-rcp6-4mrm
reference_id GHSA-p8p6-rcp6-4mrm
reference_type
scores
url https://github.com/advisories/GHSA-p8p6-rcp6-4mrm
fixed_packages
0
url pkg:maven/com.typesafe.play/play@2.8.3
purl pkg:maven/com.typesafe.play/play@2.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play@2.8.3
aliases CVE-2020-26883, GHSA-p8p6-rcp6-4mrm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z911-wjbu-kfcf
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play@2.8.0