Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Remediation
References
https://www.playframework.com/security/vulnerability
https://www.playframework.com/security/vulnerability/CVE-2020-12480-CsrfBlacklistBypass
Related Vulnerabilities
CVE-2022-36914 Vulnerability in maven package org.jenkins-ci.plugins:files-found-trigger
CVE-2022-45382 Vulnerability in maven package org.jenkins-ci.plugins:naginator
CVE-2018-1000198 Vulnerability in maven package com.blackducksoftware.integration:blackduck-hub
CVE-2023-25764 Vulnerability in maven package org.jenkins-ci.plugins:email-ext
CVE-2018-1048 Vulnerability in maven package io.undertow:undertow-core