GHSA-cf8j-64h9-6q58

Source

https://github.com/advisories/GHSA-cf8j-64h9-6q58

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/08/GHSA-cf8j-64h9-6q58/GHSA-cf8j-64h9-6q58.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-cf8j-64h9-6q58

Aliases

CVE-2020-12480

Published

2020-08-18T17:30:25Z

Modified

2023-11-08T04:02:10.309011Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

CSRF in Play Framework

Details

In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.

Database specific

{
    "nvd_published_at": null,
    "github_reviewed_at": "2020-08-18T17:30:12Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-352"
    ]
}

References

Affected packages

Maven / com.typesafe.play:play_2.12

Package

Name: com.typesafe.play:play_2.12; View open source insights on deps.dev
Purl: pkg:maven/com.typesafe.play/play_2.12

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.5

Affected versions

2.*

2.6.0-M1

2.6.0-M2

2.6.0-M3

2.6.0-M4

2.6.0-M5

2.6.0-RC1

2.6.0-RC2

2.6.0

2.6.1

2.6.2

2.6.3

2.6.5

2.6.6

2.6.7

2.6.9

2.6.10

2.6.11

2.6.12

2.6.13

2.6.14

2.6.15

2.6.16

2.6.17

2.6.18

2.6.19

2.6.20

2.6.21

2.6.22

2.6.23

2.6.24

2.6.25

2.7.0-M1

2.7.0-M2

2.7.0-M3

2.7.0-M4

2.7.0-RC3

2.7.0-RC4

2.7.0-RC5

2.7.0-RC8

2.7.0-RC9

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

Maven / com.typesafe.play:play_2.12

Package

Name: com.typesafe.play:play_2.12; View open source insights on deps.dev
Purl: pkg:maven/com.typesafe.play/play_2.12

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.8.0

Fixed

2.8.2

Affected versions

2.*

2.8.0

2.8.1