Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2014-3630

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.

  • Published: Dec 29, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2014-3630
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
playframework / play_framework 2.2.5 2.2.5.x
playframework / play_framework 2.2.4 2.2.4.x
playframework / play_framework 2.2.3 2.2.3.x
playframework / play_framework 2.2.2-rc4 2.2.2-rc4.x
playframework / play_framework 2.2.2-rc3 2.2.2-rc3.x
playframework / play_framework 2.2.2-rc2 2.2.2-rc2.x
playframework / play_framework 2.2.2-rc1 2.2.2-rc1.x
playframework / play_framework 2.2.1-rc1 2.2.1-rc1.x
playframework / play_framework 2.2.0-rc1 2.2.0-rc1.x
lightbend / play_framework 2.2.0 2.2.0.x
lightbend / play_framework 2.2.0-milestone1 2.2.0-milestone1.x
lightbend / play_framework 2.2.0-milestone2 2.2.0-milestone2.x
lightbend / play_framework 2.2.0-milestone3 2.2.0-milestone3.x
lightbend / play_framework 2.2.1 2.2.1.x
lightbend / play_framework 2.2.2 2.2.2.x
lightbend / play_framework 2.3.0 2.3.0.x
lightbend / play_framework 2.3.0-rc1 2.3.0-rc1.x
lightbend / play_framework 2.3.0-rc2 2.3.0-rc2.x
lightbend / play_framework 2.3.1 2.3.1.x
lightbend / play_framework 2.3.2 2.3.2.x
lightbend / play_framework 2.3.2-rc1 2.3.2-rc1.x
lightbend / play_framework 2.3.2-rc2 2.3.2-rc2.x
lightbend / play_framework 2.3.3 2.3.3.x
lightbend / play_framework 2.3.4 2.3.4.x