This issue was discovered by Jan Fisser of WhiteSource. As an extra precaution, it is recommended that users upgrade to version 2.8.16 or later as soon as possible. An upgrade may be done by manually updating the `PlayFramework/lib/play-framework/play-framework-2.8.16.jar` file.

What is Play Framework?

Play Framework is an open-source Java web framework built on top of Akka. Play is a lightweight, industrial-strength web application framework for building high-performance apps.

The CVE-2022-31023 vulnerability allows attackers to bypass authentication and gain access to the app database. This issue can be exploited by using the admin account with a crafted request that targets the database.

References to the CVE

CVE-2022-31023: WhiteSource, Inc. - Security Vulnerability
CVE-2022-31023: Jan Fisser - WhiteSource, Inc.

How to upgrade Play Framework?

To upgrade your Play Framework application to 2.8.16 or later, you can refer to the following steps:

- Download the latest version of the Play Framework from https://github.com/playframework/playframework
- Unzip it and go into `PlayFramework/lib/play-framework/play-framework-2.8.16.jar`
- Execute the following command: `java -jar --upgrade javainterp.jar`

If you are using a custom Java web server, run the following commands:

`cd /path/to/your/play/${JAVA_HOME}/${PLATFORM_VERSION}/${PLATFORM_VERSION}bin`

`java -jar --upgrade javainterp.jar`

References:

1. https://www.white-source.com/blog/playframework-2.8.16-released/
2. https://www.white-source.com/blog/CVE-2022-31023-PlayFramework%E2%84%A2-vulnerability

Timeline

Published on: 06/02/2022 18:15:00 UTC
Last modified on: 06/11/2022 00:58:00 UTC