Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/com.typesafe.play/play-java@2.6.0
purl pkg:maven/com.typesafe.play/play-java@2.6.0
Next non-vulnerable version 2.7.6
Latest non-vulnerable version 2.8.3
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-r21j-tf23-vuh2
Aliases:
CVE-2020-27196
GHSA-h48w-c35p-6m8x
Out-of-bounds Write An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service.
2.7.6
Affected by 0 other vulnerabilities.
2.8.3
Affected by 0 other vulnerabilities.
VCID-z911-wjbu-kfcf
Aliases:
CVE-2020-26883
GHSA-p8p6-rcp6-4mrm
Uncontrolled Recursion In Play Framework, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.
2.7.6
Affected by 0 other vulnerabilities.
2.8.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:41:31.476707+00:00 GitLab Importer Affected by VCID-r21j-tf23-vuh2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.typesafe.play/play-java/CVE-2020-27196.yml 38.6.0
2026-06-02T04:41:27.691859+00:00 GitLab Importer Affected by VCID-z911-wjbu-kfcf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.typesafe.play/play-java/CVE-2020-26883.yml 38.6.0