5 matches found
ai.lum:odinson-rest-api_2.12 (>=0.2.0 <=0.2.3), ai.snips:play-mongo-bson_2.12 (>=0.4 <=0.5.1) +482 more potentially affected by CVE-2020-12480 via com.typesafe.play:play_2.12 (>=2.6.0-M1 <=2.7.4)
com.typesafe.play:play2.12 MAVEN version =2.6.0-M1, =0.2.0, =0.4, =0.4.0, =2.6.0, =2.6.0, =0.1.0, =0.3.0, =1.1.0, =1.3.0, =1.3.1 and more Source cves: CVE-2020-12480 Source advisory: OSV:GHSA-CF8J-64H9-6Q58...
ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0), be.objectify:deadbolt-java_2.12 (>=2.8.0 <=2.8.1) +202 more potentially affected by CVE-2020-12480 via com.typesafe.play:play_2.12 (>=2.8.0 <=2.8.19)
com.typesafe.play:play2.12 MAVEN version =2.8.0, =0.3.1, =2.8.0, =2.8.0, =1.6-P28, =1.6-P28-B3, =1.6.1, =14.0.0play2.8, =14.0.0play2.8, =18.0.4play2.8 - com.digitaltangible:play-guard2.12 =2.5.0 and more Source cves: CVE-2020-12480 Source advisory: OSV:GHSA-CF8J-64H9-6Q58...
CVE-2020-12480
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...
CVE-2020-12480
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...
CVE-2020-12480
CVE-2020-12480 affects Play Framework 2.6.0–2.8.1. The CSRF filter can be bypassed when handling CORS simple requests with content types that contain parameters that can’t be parsed, enabling CSRF in affected deployments. Red Hat and security advisories (GHSA/Veracode OSV) corroborate the CSRF by...