Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.typesafe.play/play-ws_2.12@2.8.2
Typemaven
Namespacecom.typesafe.play
Nameplay-ws_2.12
Version2.8.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-378h-ypwm-f7hn
vulnerability_id VCID-378h-ypwm-f7hn
summary 
Uncontrolled Recursion
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26882
reference_id
reference_type
scores
0
value 0.00408
scoring_system epss
scoring_elements 0.61491
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26882
1
reference_url https://github.com/playframework/playframework/pull/10495
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/playframework/playframework/pull/10495
2
reference_url https://www.playframework.com/security/vulnerability
reference_id
reference_type
scores
url https://www.playframework.com/security/vulnerability
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26882
reference_id CVE-2020-26882
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26882
4
reference_url https://www.playframework.com/security/vulnerability/CVE-2020-26882-JsonParseDataAmplification
reference_id CVE-2020-26882-JSONPARSEDATAAMPLIFICATION
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.playframework.com/security/vulnerability/CVE-2020-26882-JsonParseDataAmplification
5
reference_url https://github.com/advisories/GHSA-r8rm-4hfj-2x87
reference_id GHSA-r8rm-4hfj-2x87
reference_type
scores
url https://github.com/advisories/GHSA-r8rm-4hfj-2x87
fixed_packages
0
url pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3
purl pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m5vk-jhf3-xkfw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3
aliases CVE-2020-26882, GHSA-r8rm-4hfj-2x87
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-378h-ypwm-f7hn
1
url VCID-m5vk-jhf3-xkfw
vulnerability_id VCID-m5vk-jhf3-xkfw
summary 
Data Amplification in Play Framework
An issue was discovered in Play Framework Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play that used the Play Java API to serialize classes with protected or private fields to JSON.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28923
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.39675
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28923
1
reference_url https://www.playframework.com/security/vulnerability
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.playframework.com/security/vulnerability
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28923
reference_id CVE-2020-28923
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28923
3
reference_url https://www.playframework.com/security/vulnerability/CVE-2020-28923-ImproperRemovalofSensitiveInformationBeforeStorageorTransfer
reference_id CVE-2020-28923-IMPROPERREMOVALOFSENSITIVEINFORMATIONBEFORESTORAGEORTRANSFER
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.playframework.com/security/vulnerability/CVE-2020-28923-ImproperRemovalofSensitiveInformationBeforeStorageorTransfer
4
reference_url https://github.com/advisories/GHSA-v9mf-jgq3-c28h
reference_id GHSA-v9mf-jgq3-c28h
reference_type
scores
url https://github.com/advisories/GHSA-v9mf-jgq3-c28h
fixed_packages
0
url pkg:maven/com.typesafe.play/play-ws_2.12@2.8.5
purl pkg:maven/com.typesafe.play/play-ws_2.12@2.8.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-ws_2.12@2.8.5
aliases CVE-2020-28923, GHSA-v9mf-jgq3-c28h
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5vk-jhf3-xkfw
2
url VCID-r21j-tf23-vuh2
vulnerability_id VCID-r21j-tf23-vuh2
summary 
Out-of-bounds Write
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27196
reference_id
reference_type
scores
0
value 0.00526
scoring_system epss
scoring_elements 0.67373
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27196
1
reference_url https://github.com/playframework/playframework/pull/10321
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/playframework/playframework/pull/10321
2
reference_url https://www.playframework.com/security/vulnerability
reference_id
reference_type
scores
url https://www.playframework.com/security/vulnerability
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27196
reference_id CVE-2020-27196
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27196
4
reference_url https://www.playframework.com/security/vulnerability/CVE-2020-27196-DosViaJsonStackOverflow
reference_id CVE-2020-27196-DOSVIAJSONSTACKOVERFLOW
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.playframework.com/security/vulnerability/CVE-2020-27196-DosViaJsonStackOverflow
5
reference_url https://github.com/advisories/GHSA-h48w-c35p-6m8x
reference_id GHSA-h48w-c35p-6m8x
reference_type
scores
url https://github.com/advisories/GHSA-h48w-c35p-6m8x
fixed_packages
0
url pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3
purl pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m5vk-jhf3-xkfw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3
aliases CVE-2020-27196, GHSA-h48w-c35p-6m8x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r21j-tf23-vuh2
3
url VCID-z911-wjbu-kfcf
vulnerability_id VCID-z911-wjbu-kfcf
summary 
Uncontrolled Recursion
In Play Framework, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26883
reference_id
reference_type
scores
0
value 0.00526
scoring_system epss
scoring_elements 0.67373
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26883
1
reference_url https://github.com/playframework/playframework/pull/10495
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/playframework/playframework/pull/10495
2
reference_url https://www.playframework.com/security/vulnerability
reference_id
reference_type
scores
url https://www.playframework.com/security/vulnerability
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26883
reference_id CVE-2020-26883
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26883
4
reference_url https://www.playframework.com/security/vulnerability/CVE-2020-26883-JsonParseUncontrolledRecursion
reference_id CVE-2020-26883-JSONPARSEUNCONTROLLEDRECURSION
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.playframework.com/security/vulnerability/CVE-2020-26883-JsonParseUncontrolledRecursion
5
reference_url https://github.com/advisories/GHSA-p8p6-rcp6-4mrm
reference_id GHSA-p8p6-rcp6-4mrm
reference_type
scores
url https://github.com/advisories/GHSA-p8p6-rcp6-4mrm
fixed_packages
0
url pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3
purl pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m5vk-jhf3-xkfw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3
aliases CVE-2020-26883, GHSA-p8p6-rcp6-4mrm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z911-wjbu-kfcf
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-ws_2.12@2.8.2