Vulnerability Details CVE-2020-28923
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.5%
CVSS Severity
CVSS v3 Score 2.7
CVSS v2 Score 4.0
References
- https://www.playframework.com/security/vulnerability
- https://www.playframework.com/security/vulnerability/CVE-2020-28923-ImproperRemovalofSensitiveInformationBeforeStorageorTransfer
- https://www.playframework.com/security/vulnerability
- https://www.playframework.com/security/vulnerability/CVE-2020-28923-ImproperRemovalofSensitiveInformationBeforeStorageorTransfer
Products affected by CVE-2020-28923
-
cpe:2.3:a:lightbend:play_framework:2.8.0
-
cpe:2.3:a:lightbend:play_framework:2.8.1
-
cpe:2.3:a:lightbend:play_framework:2.8.2
-
cpe:2.3:a:lightbend:play_framework:2.8.3
-
cpe:2.3:a:lightbend:play_framework:2.8.4