Description
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.
Remediation
References