CVE-2022-31023 Framework is vulnerable to generating error messages containing sensitive information.

This issue was discovered by Jan Fisser of WhiteSource. As an extra precaution, it is recommended that users upgrade to version 2.8.16 or later as soon as possible. An upgrade may be done by manually updating the `PlayFramework/lib/play-framework/play-framework-2.8.16.jar` file.

What is Play Framework?

Play Framework is an open source Java web framework built on top of Akka. Play is a lightweight, industrial-strength web application framework for building high-performance apps.
The CVE-2022-31023 vulnerability allows attackers to bypass authentication and gain access to the app database. This issue can be exploited by using the admin account with a crafted request that targets the database.

References to the CVE

CVE-2022-31023: WhiteSource, Inc. - Security Vulnerability
CVE-2022-31023: Jan Fisser - WhiteSource, Inc.

How to upgrade Play Framework?

To upgrade your Play Framework application to 2.8.16 or later, you can refer to the following steps:
- Download the latest version of the Play Framework from https://github.com/playframework/playframework
- Unzip it and go into `PlayFramework/lib/play-framework/play-framework-2.8.16.jar`
- Execute the following command: `java -jar --upgrade javainterp.jar`

If you are using a custom Java web server, run the following commands:
`cd /path/to/your/play/${JAVA_HOME}/${PLATFORM_VERSION}/${PLATFORM_VERSION}bin`
`java -jar --upgrade javainterp.jar`
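
To confirm which builds still need the upgrade, the following added example (not code from the original page or from the Play project) reads the Play sbt plugin version out of a `project/plugins.sbt` file and compares it with 2.8.16. It assumes the Play 2.x plugin coordinates `"com.typesafe.play" % "sbt-plugin"`; the function names and the sample file contents are constructed for illustration.

```python
import re

FIXED = (2, 8, 16)  # fixed release named on this page

# Matches e.g. addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.8.15")
PLUGIN_RE = re.compile(
    r'"com\.typesafe\.play"\s*%\s*"sbt-plugin"\s*%\s*"([^"]+)"'
)

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease), or None if unparseable."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([-.].+)?", text.strip())
    if not m:
        return None
    return tuple(int(g) for g in m.groups()[:3]), m.group(4) is not None

def needs_upgrade(version_text):
    """True when the version is older than 2.8.16 or cannot be parsed."""
    parsed = parse_version(version_text)
    if parsed is None:
        return True  # unknown version string: flag it for manual review
    numbers, prerelease = parsed
    if numbers < FIXED:
        return True
    # 2.8.16-RC1 or 2.8.16-SNAPSHOT precedes the 2.8.16 release itself
    return numbers == FIXED and prerelease

def check_plugins_sbt(contents):
    """Return (line_no, version, needs_upgrade) for each Play plugin line."""
    findings = []
    for line_no, line in enumerate(contents.splitlines(), 1):
        if line.lstrip().startswith("//"):
            continue  # skip commented-out declarations
        m = PLUGIN_RE.search(line)
        if m:
            findings.append((line_no, m.group(1), needs_upgrade(m.group(1))))
    return findings

# Constructed sample of a project/plugins.sbt file
SAMPLE = '''// project/plugins.sbt
addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.8.15")
// addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.7.0")
'''

if __name__ == "__main__":
    for line_no, version, flagged in check_plugins_sbt(SAMPLE):
        status = "UPGRADE to 2.8.16 or later" if flagged else "ok"
        print(f"plugins.sbt:{line_no}: Play {version}: {status}")
```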
