CVE-2020-12480
MEDIUMPlay Framework 2.6.0-2.8.1 - Cross-Site Request Forgery Bypass via Unparseable Content-Type Parameters
Title source: llmDescription
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.playframework.com/security/vulnerability
Vendor Advisory x_refsource_misc
https://www.playframework.com/security/vulnerability/CVE-2020-12480-CsrfBlacklistBypass
Scores
CVSS v3
6.5
EPSS
0.0053
EPSS Percentile
40.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (2)
com.typesafe.play/play_2.12
0 - 2.7.5Maven
lightbend/play_framework
2.6.0 - 2.6.25
Published
Aug 17, 2020
Tracked Since
Feb 18, 2026