Vulnerability Details CVE-2020-12480
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2020-12480
-
cpe:2.3:a:lightbend:play_framework:2.6.0
-
cpe:2.3:a:lightbend:play_framework:2.6.1
-
cpe:2.3:a:lightbend:play_framework:2.6.10
-
cpe:2.3:a:lightbend:play_framework:2.6.11
-
cpe:2.3:a:lightbend:play_framework:2.6.12
-
cpe:2.3:a:lightbend:play_framework:2.6.13
-
cpe:2.3:a:lightbend:play_framework:2.6.14
-
cpe:2.3:a:lightbend:play_framework:2.6.15
-
cpe:2.3:a:lightbend:play_framework:2.6.16
-
cpe:2.3:a:lightbend:play_framework:2.6.17
-
cpe:2.3:a:lightbend:play_framework:2.6.18
-
cpe:2.3:a:lightbend:play_framework:2.6.19
-
cpe:2.3:a:lightbend:play_framework:2.6.2
-
cpe:2.3:a:lightbend:play_framework:2.6.20
-
cpe:2.3:a:lightbend:play_framework:2.6.21
-
cpe:2.3:a:lightbend:play_framework:2.6.22
-
cpe:2.3:a:lightbend:play_framework:2.6.23
-
cpe:2.3:a:lightbend:play_framework:2.6.24
-
cpe:2.3:a:lightbend:play_framework:2.6.25
-
cpe:2.3:a:lightbend:play_framework:2.6.3
-
cpe:2.3:a:lightbend:play_framework:2.6.4
-
cpe:2.3:a:lightbend:play_framework:2.6.5
-
cpe:2.3:a:lightbend:play_framework:2.6.6
-
cpe:2.3:a:lightbend:play_framework:2.6.7
-
cpe:2.3:a:lightbend:play_framework:2.6.8
-
cpe:2.3:a:lightbend:play_framework:2.6.9
-
cpe:2.3:a:lightbend:play_framework:2.7.0
-
cpe:2.3:a:lightbend:play_framework:2.7.1
-
cpe:2.3:a:lightbend:play_framework:2.7.2
-
cpe:2.3:a:lightbend:play_framework:2.7.3
-
cpe:2.3:a:lightbend:play_framework:2.7.4
-
cpe:2.3:a:lightbend:play_framework:2.8.0
-
cpe:2.3:a:lightbend:play_framework:2.8.1