Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.typesafe.play/play_2.11@2.4.7
Typemaven
Namespacecom.typesafe.play
Nameplay_2.11
Version2.4.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-5rgy-2ftt-wbak
vulnerability_id VCID-5rgy-2ftt-wbak
summary Out-of-bounds Write in Play Framework
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27196
reference_id
reference_type
scores
0
value 0.00526
scoring_system epss
scoring_elements 0.67554
published_at 2026-06-12T12:55:00Z
1
value 0.00526
scoring_system epss
scoring_elements 0.67463
published_at 2026-06-11T12:55:00Z
2
value 0.00526
scoring_system epss
scoring_elements 0.67564
published_at 2026-06-14T12:55:00Z
3
value 0.00526
scoring_system epss
scoring_elements 0.67567
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27196
1
reference_url https://github.com/playframework/playframework/pull/10321
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/playframework/playframework/pull/10321
2
reference_url https://www.playframework.com/security/vulnerability
reference_id
reference_type
scores
url https://www.playframework.com/security/vulnerability
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27196
reference_id CVE-2020-27196
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27196
4
reference_url https://www.playframework.com/security/vulnerability/CVE-2020-27196-DosViaJsonStackOverflow
reference_id CVE-2020-27196-DOSVIAJSONSTACKOVERFLOW
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.playframework.com/security/vulnerability/CVE-2020-27196-DosViaJsonStackOverflow
5
reference_url https://github.com/advisories/GHSA-h48w-c35p-6m8x
reference_id GHSA-h48w-c35p-6m8x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h48w-c35p-6m8x
fixed_packages
0
url pkg:maven/com.typesafe.play/play_2.11@2.7.0-M1
purl pkg:maven/com.typesafe.play/play_2.11@2.7.0-M1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p48p-skh8-ebgd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play_2.11@2.7.0-M1
1
url pkg:maven/com.typesafe.play/play_2.11@2.7.6
purl pkg:maven/com.typesafe.play/play_2.11@2.7.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p48p-skh8-ebgd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play_2.11@2.7.6
aliases CVE-2020-27196, GHSA-h48w-c35p-6m8x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5rgy-2ftt-wbak
1
url VCID-fve1-eq7u-vkbv
vulnerability_id VCID-fve1-eq7u-vkbv
summary Uncontrolled Recursion in Play Framework
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26883
reference_id
reference_type
scores
0
value 0.00526
scoring_system epss
scoring_elements 0.67554
published_at 2026-06-12T12:55:00Z
1
value 0.00526
scoring_system epss
scoring_elements 0.67463
published_at 2026-06-11T12:55:00Z
2
value 0.00526
scoring_system epss
scoring_elements 0.67564
published_at 2026-06-14T12:55:00Z
3
value 0.00526
scoring_system epss
scoring_elements 0.67567
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26883
1
reference_url https://github.com/playframework/playframework/pull/10495
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/playframework/playframework/pull/10495
2
reference_url https://www.playframework.com/security/vulnerability
reference_id
reference_type
scores
url https://www.playframework.com/security/vulnerability
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26883
reference_id CVE-2020-26883
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26883
4
reference_url https://www.playframework.com/security/vulnerability/CVE-2020-26883-JsonParseUncontrolledRecursion
reference_id CVE-2020-26883-JSONPARSEUNCONTROLLEDRECURSION
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.playframework.com/security/vulnerability/CVE-2020-26883-JsonParseUncontrolledRecursion
5
reference_url https://github.com/advisories/GHSA-p8p6-rcp6-4mrm
reference_id GHSA-p8p6-rcp6-4mrm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p8p6-rcp6-4mrm
fixed_packages
0
url pkg:maven/com.typesafe.play/play_2.11@2.7.0-M1
purl pkg:maven/com.typesafe.play/play_2.11@2.7.0-M1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p48p-skh8-ebgd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play_2.11@2.7.0-M1
1
url pkg:maven/com.typesafe.play/play_2.11@2.7.6
purl pkg:maven/com.typesafe.play/play_2.11@2.7.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p48p-skh8-ebgd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play_2.11@2.7.6
2
url pkg:maven/com.typesafe.play/play_2.11@2.8.3
purl pkg:maven/com.typesafe.play/play_2.11@2.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wwdv-7v1a-h7an
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play_2.11@2.8.3
aliases CVE-2020-26883, GHSA-p8p6-rcp6-4mrm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fve1-eq7u-vkbv
2
url VCID-p48p-skh8-ebgd
vulnerability_id VCID-p48p-skh8-ebgd
summary Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. This is used as a default value in some Play APIs, so it is possible to inadvertently use this version in production. It is also possible to improperly configure the `DefaultHttpErrorHandler` object instance as the injected error handler. Both of these situations could result in verbose errors displaying to users in a production application, which could expose sensitive information from the application. In particular, the constructor for `CORSFilter` and `apply` method for `CORSActionBuilder` use the static object `DefaultHttpErrorHandler` as a default value. This is patched in Play Framework 2.8.16. The `DefaultHttpErrorHandler` object has been changed to use the prod-mode behavior, and `DevHttpErrorHandler` has been introduced for the dev-mode behavior. A workaround is available. When constructing a `CORSFilter` or `CORSActionBuilder`, ensure that a properly-configured error handler is passed. Generally this should be done by using the `HttpErrorHandler` instance provided through dependency injection or through Play's `BuiltInComponents`. Ensure that the application is not using the `DefaultHttpErrorHandler` static object in any code that may be run in production.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31023
reference_id
reference_type
scores
0
value 0.0043
scoring_system epss
scoring_elements 0.63088
published_at 2026-06-14T12:55:00Z
1
value 0.0043
scoring_system epss
scoring_elements 0.63091
published_at 2026-06-13T12:55:00Z
2
value 0.0043
scoring_system epss
scoring_elements 0.63079
published_at 2026-06-12T12:55:00Z
3
value 0.0043
scoring_system epss
scoring_elements 0.62978
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31023
1
reference_url https://github.com/playframework/playframework
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/playframework/playframework
2
reference_url https://github.com/playframework/playframework/pull/11305
reference_id 11305
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:06:14Z/
url https://github.com/playframework/playframework/pull/11305
3
reference_url https://github.com/playframework/playframework/releases/tag/2.8.16
reference_id 2.8.16
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:06:14Z/
url https://github.com/playframework/playframework/releases/tag/2.8.16
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31023
reference_id CVE-2022-31023
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31023
5
reference_url https://github.com/advisories/GHSA-p9p4-97g9-wcrh
reference_id GHSA-p9p4-97g9-wcrh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p9p4-97g9-wcrh
6
reference_url https://github.com/playframework/playframework/security/advisories/GHSA-p9p4-97g9-wcrh
reference_id GHSA-p9p4-97g9-wcrh
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:06:14Z/
url https://github.com/playframework/playframework/security/advisories/GHSA-p9p4-97g9-wcrh
fixed_packages
0
url pkg:maven/com.typesafe.play/play_2.11@2.8.16
purl pkg:maven/com.typesafe.play/play_2.11@2.8.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play_2.11@2.8.16
aliases CVE-2022-31023, GHSA-p9p4-97g9-wcrh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p48p-skh8-ebgd
3
url VCID-q9tf-sv2n-jbdm
vulnerability_id VCID-q9tf-sv2n-jbdm
summary Data Amplification in Play Framework
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26882
reference_id
reference_type
scores
0
value 0.00408
scoring_system epss
scoring_elements 0.61706
published_at 2026-06-12T12:55:00Z
1
value 0.00408
scoring_system epss
scoring_elements 0.61603
published_at 2026-06-11T12:55:00Z
2
value 0.00408
scoring_system epss
scoring_elements 0.61709
published_at 2026-06-14T12:55:00Z
3
value 0.00408
scoring_system epss
scoring_elements 0.61714
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26882
1
reference_url https://github.com/playframework/playframework/pull/10495
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/playframework/playframework/pull/10495
2
reference_url https://www.playframework.com/security/vulnerability
reference_id
reference_type
scores
url https://www.playframework.com/security/vulnerability
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26882
reference_id CVE-2020-26882
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26882
4
reference_url https://www.playframework.com/security/vulnerability/CVE-2020-26882-JsonParseDataAmplification
reference_id CVE-2020-26882-JSONPARSEDATAAMPLIFICATION
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.playframework.com/security/vulnerability/CVE-2020-26882-JsonParseDataAmplification
5
reference_url https://github.com/advisories/GHSA-r8rm-4hfj-2x87
reference_id GHSA-r8rm-4hfj-2x87
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r8rm-4hfj-2x87
fixed_packages
0
url pkg:maven/com.typesafe.play/play_2.11@2.7.0-M1
purl pkg:maven/com.typesafe.play/play_2.11@2.7.0-M1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p48p-skh8-ebgd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play_2.11@2.7.0-M1
1
url pkg:maven/com.typesafe.play/play_2.11@2.7.6
purl pkg:maven/com.typesafe.play/play_2.11@2.7.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p48p-skh8-ebgd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play_2.11@2.7.6
2
url pkg:maven/com.typesafe.play/play_2.11@2.8.3
purl pkg:maven/com.typesafe.play/play_2.11@2.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wwdv-7v1a-h7an
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play_2.11@2.8.3
aliases CVE-2020-26882, GHSA-r8rm-4hfj-2x87
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q9tf-sv2n-jbdm
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play_2.11@2.4.7