Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Remediation
References
https://www.playframework.com/security/vulnerability
https://www.playframework.com/security/vulnerability/CVE-2020-12480-CsrfBlacklistBypass