CVE-2020-12480 – com.typesafe.play:play_2.12
Package
Manager: maven
Name: com.typesafe.play:play_2.12
Vulnerable Version: >=0 <2.7.5 || >=2.8.0 <2.8.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00042 (percentile 0.11799)
Details
CSRF in Play Framework
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Metadata
Created: 2020-08-18T17:30:25Z
Modified: 2021-09-23T18:57:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/08/GHSA-cf8j-64h9-6q58/GHSA-cf8j-64h9-6q58.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-cf8j-64h9-6q58
Finding: F007
Auto approve: 1