Vulnerability Details CVE-2020-12480
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2020-12480
-
cpe:2.3:a:lightbend:play_framework:2.6.0
-
cpe:2.3:a:lightbend:play_framework:2.6.1
-
cpe:2.3:a:lightbend:play_framework:2.6.10
-
cpe:2.3:a:lightbend:play_framework:2.6.11
-
cpe:2.3:a:lightbend:play_framework:2.6.12
-
cpe:2.3:a:lightbend:play_framework:2.6.13
-
cpe:2.3:a:lightbend:play_framework:2.6.14
-
cpe:2.3:a:lightbend:play_framework:2.6.15
-
cpe:2.3:a:lightbend:play_framework:2.6.16
-
cpe:2.3:a:lightbend:play_framework:2.6.17
-
cpe:2.3:a:lightbend:play_framework:2.6.18
-
cpe:2.3:a:lightbend:play_framework:2.6.19
-
cpe:2.3:a:lightbend:play_framework:2.6.2
-
cpe:2.3:a:lightbend:play_framework:2.6.20
-
cpe:2.3:a:lightbend:play_framework:2.6.21
-
cpe:2.3:a:lightbend:play_framework:2.6.22
-
cpe:2.3:a:lightbend:play_framework:2.6.23
-
cpe:2.3:a:lightbend:play_framework:2.6.24
-
cpe:2.3:a:lightbend:play_framework:2.6.25
-
cpe:2.3:a:lightbend:play_framework:2.6.3
-
cpe:2.3:a:lightbend:play_framework:2.6.4
-
cpe:2.3:a:lightbend:play_framework:2.6.5
-
cpe:2.3:a:lightbend:play_framework:2.6.6
-
cpe:2.3:a:lightbend:play_framework:2.6.7
-
cpe:2.3:a:lightbend:play_framework:2.6.8
-
cpe:2.3:a:lightbend:play_framework:2.6.9
-
cpe:2.3:a:lightbend:play_framework:2.7.0
-
cpe:2.3:a:lightbend:play_framework:2.7.1
-
cpe:2.3:a:lightbend:play_framework:2.7.2
-
cpe:2.3:a:lightbend:play_framework:2.7.3
-
cpe:2.3:a:lightbend:play_framework:2.7.4
-
cpe:2.3:a:lightbend:play_framework:2.8.0
-
cpe:2.3:a:lightbend:play_framework:2.8.1