Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Remediation
References
https://www.playframework.com/security/vulnerability
https://www.playframework.com/security/vulnerability/CVE-2020-12480-CsrfBlacklistBypass
Related Vulnerabilities
CVE-2023-29521 Vulnerability in maven package org.xwiki.platform:xwiki-platform-vfs-ui
CVE-2014-4611 Vulnerability in maven package net.jpountz.lz4:lz4
CVE-2016-4800 Vulnerability in maven package org.eclipse.jetty:jetty-util
CVE-2016-8609 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2022-43431 Vulnerability in maven package com.compuware.jenkins:compuware-strobe-measurement