In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can’t be parsed.
CPE

Name | Operator | Version
---|---|---
play_framework | ge | 2.8.0
play_framework | le | 2.8.1
play_framework | ge | 2.7.0
play_framework | le | 2.7.4
play_framework | ge | 2.6.0
play_framework | le | 2.6.25