CVE-2020-12480

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-12480
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12480.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-12480
Aliases
Published
2020-08-17T21:15:11Z
Modified
2024-06-06T12:56:49.478154Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.

References

Affected packages

Git / github.com/playframework/playframework

Affected versions

2.*

2.6.0
2.6.1
2.6.10
2.6.11
2.6.12
2.6.13
2.6.14
2.6.15
2.6.16
2.6.17
2.6.18
2.6.19
2.6.2
2.6.20
2.6.21
2.6.22
2.6.23
2.6.24
2.6.25
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.7.0
2.7.0-M1
2.7.0-M2
2.7.0-M3
2.7.0-M4
2.7.0-RC1
2.7.0-RC2
2.7.0-RC3
2.7.0-RC4
2.7.0-RC5
2.7.0-RC8
2.7.0-RC9
2.7.1
2.7.2
2.7.3
2.7.4
2.8.0
2.8.0-M1
2.8.0-M2
2.8.0-M3
2.8.0-M4
2.8.0-M5
2.8.0-M6
2.8.0-RC1
2.8.0-RC2
2.8.0-RC4
2.8.0-RC5
2.8.1