The Play! Framework is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Remote attackers can use a specially crafted request with directory- traversal sequences to read arbitrary files in the context of the user running the affected application. Information obtained could aid in further attacks. Play! 1.0.3.1 is vulnerable other versions may also be affected.

• http://www.playframework.org/
• https://www.securityfocus.com/bid/42340

---

Updated on 2015-03-25