Add 2 more vulns for Scala

codelion · codelion · commit 63e01a12b699 · 2017-01-04T10:46:06.000+08:00
diff --git a/Scala/CVE-2014-3630.yml b/Scala/CVE-2014-3630.yml
@@ -0,0 +1,13 @@
+---
+type: library
+maven: com.typesafe.play:play_2.10
+cve: CVE-2014-3630
+url: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3630
+title: XML External Entities
+date: 2014-10-07
+description: >
+  A vulnerability has been found in Play’s Java XML processing. 
+  An attacker may use XML external entities to read files from the file system, internal network, or DoS the application.
+cvss_v2: 4.0
+patched_versions:
+  - ">= 2.3.5"
diff --git a/Scala/CVE-2015-2156.yml b/Scala/CVE-2015-2156.yml
@@ -0,0 +1,12 @@
+---
+type: library
+maven: com.typesafe.play:play_2.10
+cve: CVE-2015-2156
+url: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2156
+title: Http only cookie bypass
+date: 2015-05-09
+description: >
+  A vulnerability has been found in Play’s cookie handling code that could allow an attacker to bypass the httpOnly flag on sensitive cookies.
+cvss_v2: 4.0
+patched_versions:
+  - ">= 2.3.9"
