Description
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.
Remediation
References
Related Vulnerabilities
Sqlite Other Vulnerability (CVE-2019-20218)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2018-1318)
WordPress Plugin Thrive Headline Optimizer Security Bypass (1.3.7.2)
WordPress Plugin Google Alert And Twitter Multiple Vulnerabilities (3.1.5)
WordPress Plugin Social Sharing-Social Warfare Malicious Code (4.4.7.1)