CVE-2020-12480 — Cross-Site Request Forgery in Play Framework
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 89.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 17
Latest updateAug 18
Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6