CVE-2020-27196
- Source
- https://cve.org/CVERecord?id=CVE-2020-27196
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27196.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-27196
- Aliases
- Published
- 2020-11-06T14:15:16.377Z
- Modified
- 2026-04-10T04:25:34.656572Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service.
- References
Affected packages
Git / github.com/playframework/playframework
Affected ranges
- Type
- GIT
- Repo
- https://github.com/playframework/playframework
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affectedIntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "2.6.25" }, { "introduced": "2.7.0" }, { "last_affected": "2.7.5" }, { "introduced": "2.8.0" }, { "last_affected": "2.8.2" } ] }
Affected versions
2.*
2.0
2.0-RC1
2.0-RC2
2.0-RC3
2.0-RC4
2.0-RC5
2.0-beta
2.1-RC1
2.1-RC2
2.1-RC3
2.2.0-M1
2.2.0-M2
2.2.0-M3
2.2.0-RC1
2.3-M1
2.3.0-RC1
2.4.0-M1
2.4.0-M2
2.4.0-M3
2.4.0-RC1
2.4.0-RC2
2.4.0-RC3
2.5.0
2.5.0-M1
2.5.0-M2
2.5.0-RC1
2.5.0-RC2
2.6.0
2.6.0-M1
2.6.0-M2
2.6.0-M3
2.6.0-M4
2.6.0-M5
2.6.0-RC1
2.6.0-RC2
2.6.1
2.6.10
2.6.11
2.6.12
2.6.13
2.6.14
2.6.15
2.6.16
2.6.17
2.6.18
2.6.19
2.6.2
2.6.20
2.6.21
2.6.22
2.6.23
2.6.24
2.6.25
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.8.0
2.8.1
2.8.2