Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Remediation
References
https://www.playframework.com/security/vulnerability
https://www.playframework.com/security/vulnerability/CVE-2020-12480-CsrfBlacklistBypass
Related Vulnerabilities
CVE-2014-3502 Vulnerability in npm package cordova-android
CVE-2023-33246 Vulnerability in maven package org.apache.rocketmq:rocketmq-controller
CVE-2023-50777 Vulnerability in maven package com.cloudtp.jenkins:paaslane-estimate
CVE-2022-36914 Vulnerability in maven package org.jenkins-ci.plugins:files-found-trigger
CVE-2013-4286 Vulnerability in maven package tomcat:tomcat-coyote