JSON Improper Removal of Sensitive Information Before Storage or Transfer
9 November 2020
Play JSON handling on the Java API serializes private and protected fields.
This affects users migrating from a Play version prior to 2.8.0 who used the Play Java API to serialize classes with protected or private fields to JSON.
- Play 2.8.0-2.8.4
This issue is fixed in Play 2.8.5.
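A check for the exposure described above, as an added example that is not part of the advisory or of Play's own code: it serializes an object and lists the non-public fields without a public getter that still appear in the JSON. The `Account` class, the helper names and the sample values are constructed, and using plain Jackson with field visibility set to `ANY` to stand in for the affected behaviour is an assumption.

```java
import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class PrivateFieldLeakCheck {
    // Constructed sample class: passwordHash and resetToken have no getters.
    static class Account {
        public String username = "alice";
        private String email = "alice@example.invalid";
        private String passwordHash = "constructed-sample-value";
        protected String resetToken = "constructed-sample-value";
        public String getEmail() { return email; } // exposed on purpose
    }

    // True when the class offers a public no-argument getX()/isX() for the field.
    static boolean hasPublicGetter(Class<?> type, String field) {
        String suffix = Character.toUpperCase(field.charAt(0)) + field.substring(1);
        return Arrays.stream(type.getMethods()).anyMatch(m -> m.getParameterCount() == 0
                && (m.getName().equals("get" + suffix) || m.getName().equals("is" + suffix)));
    }

    // Non-public instance fields that appear as JSON properties without a getter exposing them.
    static List<String> leakedFields(ObjectMapper mapper, Object value) {
        JsonNode json = mapper.valueToTree(value);
        List<String> leaked = new ArrayList<>();
        for (Field f : value.getClass().getDeclaredFields()) {
            int mod = f.getModifiers();
            if (f.isSynthetic() || Modifier.isStatic(mod) || Modifier.isPublic(mod)) continue;
            if (json.has(f.getName()) && !hasPublicGetter(value.getClass(), f.getName())) {
                leaked.add(f.getName());
            }
        }
        return leaked;
    }

    public static void main(String[] args) {
        ObjectMapper defaults = new ObjectMapper();
        // Assumption: FIELD=ANY visibility reproduces serialization of private/protected fields.
        ObjectMapper anyField = new ObjectMapper().setVisibility(PropertyAccessor.FIELD, Visibility.ANY);
        System.out.println("default visibility: " + leakedFields(defaults, new Account()));
        System.out.println("FIELD=ANY visibility: " + leakedFields(anyField, new Account()));
    }
}
```

In a Play application, pass the mapper returned by `play.libs.Json.mapper()` and your own model objects to `leakedFields`, for example from a unit test run before and after the upgrade.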
Credit for reporting this vulnerability goes to Onilton Maciel.