Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Remediation
References
https://www.playframework.com/security/vulnerability
https://www.playframework.com/security/vulnerability/CVE-2020-12480-CsrfBlacklistBypass
Related Vulnerabilities
CVE-2015-5171 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-common
CVE-2016-2175 Vulnerability in maven package org.apache.pdfbox:preflight-app
CVE-2022-24785 Vulnerability in npm package moment
CVE-2015-7501 Vulnerability in maven package org.apache.commons:commons-collections4
CVE-2022-36095 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates