cvedb.io
CVE-2022-31023
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2022-06-02T18:15:09.820 · Last modified 2026-06-17T04:44:37.600

Summary

Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. This is used as a default value in some Play APIs, so it is possible to inadvertently use this version in production. It is also possible to improperly configure the `DefaultHttpErrorHandler` object instance as the injected error handler. Both of these situations could result in verbose errors dis

Affected products

lightbend — play_framework

Does this affect you?

Add your gear to cvedb and we'll alert you only when lightbend ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.