CVE-2020-12480

Published: Aug 17, 2020
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-12480" target="_blank" rel="noopener"> CVE-2020-12480
GHSA: <a href="https://github.com/advisories/GHSA-cf8j-64h9-6q58" target="_blank" rel="noopener"> GHSA-cf8j-64h9-6q58
Severity: Medium
Exploit:

In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.

CVSS v3:

CVSS v2:

CWEs: