Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests whose content types contain parameters that cannot be parsed.
Remediation
References
https://www.playframework.com/security/vulnerability
https://www.playframework.com/security/vulnerability/CVE-2020-12480-CsrfBlacklistBypass
Related Vulnerabilities
CVE-2015-5346 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2020-2140 Vulnerability in maven package org.jenkins-ci.plugins:audit-trail
CVE-2019-16548 Vulnerability in maven package org.jenkins-ci.plugins:google-compute-engine
CVE-2019-10436 Vulnerability in maven package org.jenkins-ci.plugins:google-oauth-plugin
CVE-2023-48241 Vulnerability in maven package org.xwiki.platform:xwiki-platform-search-solr-query