Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Remediation
References
https://www.playframework.com/security/vulnerability
https://www.playframework.com/security/vulnerability/CVE-2020-12480-CsrfBlacklistBypass
Related Vulnerabilities
CVE-2016-6812 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http
CVE-2017-2612 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2018-17193 Vulnerability in maven package org.apache.nifi:nifi-web-utils
CVE-2022-36898 Vulnerability in maven package com.compuware.jenkins:compuware-ispw-operations
CVE-2016-8629 Vulnerability in maven package org.keycloak:keycloak-services