Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Remediation
References
Related Vulnerabilities
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2018-2628)
WordPress Plugin WPJobBoard Multiple Cross-Site Scripting Vulnerabilities (4.5.1)
Apache HTTP Server Other Vulnerability (CVE-2000-0868)
Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-28169)