VulnerableCode Package Details - pkg:maven/com.typesafe.play/play@2.8.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-378h-ypwm-f7hn Aliases: CVE-2020-26882 GHSA-r8rm-4hfj-2x87	Uncontrolled Recursion In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.	2.8.3 Affected by 0 other vulnerabilities.
VCID-m5vk-jhf3-xkfw Aliases: CVE-2020-28923 GHSA-v9mf-jgq3-c28h	Data Amplification in Play Framework An issue was discovered in Play Framework Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play that used the Play Java API to serialize classes with protected or private fields to JSON.	2.8.5 Affected by 0 other vulnerabilities.
VCID-r21j-tf23-vuh2 Aliases: CVE-2020-27196 GHSA-h48w-c35p-6m8x	Out-of-bounds Write An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service.	2.8.3 Affected by 0 other vulnerabilities.
VCID-z911-wjbu-kfcf Aliases: CVE-2020-26883 GHSA-p8p6-rcp6-4mrm	Uncontrolled Recursion In Play Framework, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.	2.8.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-378h-ypwm-f7hn
Aliases:
CVE-2020-26882
GHSA-r8rm-4hfj-2x87

Uncontrolled Recursion In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.

2.8.3
Affected by 0 other vulnerabilities.

VCID-m5vk-jhf3-xkfw
Aliases:
CVE-2020-28923
GHSA-v9mf-jgq3-c28h

Data Amplification in Play Framework An issue was discovered in Play Framework Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play that used the Play Java API to serialize classes with protected or private fields to JSON.

2.8.5
Affected by 0 other vulnerabilities.

VCID-r21j-tf23-vuh2
Aliases:
CVE-2020-27196
GHSA-h48w-c35p-6m8x

Out-of-bounds Write An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service.

2.8.3
Affected by 0 other vulnerabilities.

VCID-z911-wjbu-kfcf
Aliases:
CVE-2020-26883
GHSA-p8p6-rcp6-4mrm

Uncontrolled Recursion In Play Framework, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.

2.8.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:41:29.712505+00:00	GitLab Importer	Affected by	VCID-z911-wjbu-kfcf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.typesafe.play/play/CVE-2020-26883.yml	38.6.0
2026-06-02T04:41:28.904165+00:00	GitLab Importer	Affected by	VCID-378h-ypwm-f7hn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.typesafe.play/play/CVE-2020-26882.yml	38.6.0
2026-06-02T04:41:28.059802+00:00	GitLab Importer	Affected by	VCID-r21j-tf23-vuh2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.typesafe.play/play/CVE-2020-27196.yml	38.6.0
2026-06-02T04:41:17.550477+00:00	GitLab Importer	Affected by	VCID-m5vk-jhf3-xkfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.typesafe.play/play/CVE-2020-28923.yml	38.6.0