Vulnerability Details CVE-2020-12480
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 40.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2020-12480
-
cpe:2.3:a:lightbend:play_framework:2.6.0
-
cpe:2.3:a:lightbend:play_framework:2.6.1
-
cpe:2.3:a:lightbend:play_framework:2.6.10
-
cpe:2.3:a:lightbend:play_framework:2.6.11
-
cpe:2.3:a:lightbend:play_framework:2.6.12
-
cpe:2.3:a:lightbend:play_framework:2.6.13
-
cpe:2.3:a:lightbend:play_framework:2.6.14
-
cpe:2.3:a:lightbend:play_framework:2.6.15
-
cpe:2.3:a:lightbend:play_framework:2.6.16
-
cpe:2.3:a:lightbend:play_framework:2.6.17
-
cpe:2.3:a:lightbend:play_framework:2.6.18
-
cpe:2.3:a:lightbend:play_framework:2.6.19
-
cpe:2.3:a:lightbend:play_framework:2.6.2
-
cpe:2.3:a:lightbend:play_framework:2.6.20
-
cpe:2.3:a:lightbend:play_framework:2.6.21
-
cpe:2.3:a:lightbend:play_framework:2.6.22
-
cpe:2.3:a:lightbend:play_framework:2.6.23
-
cpe:2.3:a:lightbend:play_framework:2.6.24
-
cpe:2.3:a:lightbend:play_framework:2.6.25
-
cpe:2.3:a:lightbend:play_framework:2.6.3
-
cpe:2.3:a:lightbend:play_framework:2.6.4
-
cpe:2.3:a:lightbend:play_framework:2.6.5
-
cpe:2.3:a:lightbend:play_framework:2.6.6
-
cpe:2.3:a:lightbend:play_framework:2.6.7
-
cpe:2.3:a:lightbend:play_framework:2.6.8
-
cpe:2.3:a:lightbend:play_framework:2.6.9
-
cpe:2.3:a:lightbend:play_framework:2.7.0
-
cpe:2.3:a:lightbend:play_framework:2.7.1
-
cpe:2.3:a:lightbend:play_framework:2.7.2
-
cpe:2.3:a:lightbend:play_framework:2.7.3
-
cpe:2.3:a:lightbend:play_framework:2.7.4
-
cpe:2.3:a:lightbend:play_framework:2.8.0
-
cpe:2.3:a:lightbend:play_framework:2.8.1