Home

CVE-2020-26883

Description

In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.526

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2020-26882,CVE-2020-27196,CVE-2020-26883 are fixed in Typesafe-play 2.7.6Windows
Vulnerabilities CVE-2020-26882,CVE-2020-27196,CVE-2020-26883 are fixed in Typesafe-play 2.8.3Windows
Vulnerabilities CVE-2020-27196,CVE-2020-26883 are fixed in Typesafe-play-java 2.7.6Windows
Vulnerabilities CVE-2020-27196,CVE-2020-26883 are fixed in Typesafe-play-java 2.8.3Windows
Vulnerabilities CVE-2020-26882,CVE-2020-27196,CVE-2020-26883 are fixed in Typesafe-play for Linux 2.7.6Linux
Vulnerabilities CVE-2020-26882,CVE-2020-27196,CVE-2020-26883 are fixed in Typesafe-play for Linux 2.8.3Linux
Vulnerabilities CVE-2020-27196,CVE-2020-26883 are fixed in Typesafe-play-java for Linux 2.7.6Linux
Vulnerabilities CVE-2020-27196,CVE-2020-26883 are fixed in Typesafe-play-java for Linux 2.8.3Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234