CVE-2020-26882

HIGH

Play Framework <2.9 - Info Disclosure

Title source: llm
STIX 2.1

Description

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0139
EPSS Percentile 68.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-674
Status published
Products (2)
com.typesafe.play/play 2.6.0 - 2.7.6Maven
lightbend/play_framework < 2.6.25
Published Nov 06, 2020
Tracked Since Feb 18, 2026