CVE-2020-12480
Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.036
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2020-12480 is fixed in Typesafe-play_2.12 2.7.5 | Windows |
| CVE-2020-12480 is fixed in Typesafe-play_2.12 2.8.2 | Windows |
| CVE-2020-12480 is fixed in Typesafe-play_2.12 for Linux 2.7.5 | Linux |
| CVE-2020-12480 is fixed in Typesafe-play_2.12 for Linux 2.8.2 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234