CVE-2020-12480
MEDIUM 6.5 | EPSS 0.04% | CSRF in Play Framework
Published: 2020/8/18 | Modified: 2023/11/8
Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Affected packages (1)
- Maven/com.typesafe.play:play_2.12 from 0, < 2.7.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
References (6)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-12480
- PATCH https://github.com/playframework/playframework
- WEB https://github.com/playframework/playframework/commit/c82de44fc50b7c58c6e0580f1f67ff08aa7bd154
- WEB https://github.com/playframework/playframework/pull/10285
- WEB https://www.playframework.com/security/vulnerability
- WEB https://www.playframework.com/security/vulnerability/CVE-2020-12480-CsrfBlacklistBypass