CVE-2020-12480
MEDIUM6.5EPSS 0.04%CSRF in Play Framework
Published: 8/18/2020Modified: 11/8/2023
Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Affected packages (1)
- Maven/com.typesafe.play:play_2.12from 0, < 2.7.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-12480
- PATCHhttps://github.com/playframework/playframework
- WEBhttps://github.com/playframework/playframework/commit/c82de44fc50b7c58c6e0580f1f67ff08aa7bd154
- WEBhttps://github.com/playframework/playframework/pull/10285
- WEBhttps://www.playframework.com/security/vulnerability
- WEBhttps://www.playframework.com/security/vulnerability/CVE-2020-12480-CsrfBlacklistBypass