CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-13864

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 78.8%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://www.playframework.com/security/vulnerability/CVE-2018-13864-PathTraversal
https://www.playframework.com/security/vulnerability/CVE-2018-13864-PathTraversal

Products affected by CVE-2018-13864

Lightbend » Play Framework » Version: 2.6.12

cpe:2.3:a:lightbend:play_framework:2.6.12
Lightbend » Play Framework » Version: 2.6.13

cpe:2.3:a:lightbend:play_framework:2.6.13
Lightbend » Play Framework » Version: 2.6.14

cpe:2.3:a:lightbend:play_framework:2.6.14
Lightbend » Play Framework » Version: 2.6.15

cpe:2.3:a:lightbend:play_framework:2.6.15
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-13864

Products

Pricing

Contact Us