play_2.12 is vulnerable to denial of service. The vulnerability exists when using the Form#bindFromRequest
method on a JSON request body or the Form#bind
method directly on a JSON value, allowing an attacker to crash the application through the OutOfMemoryError
by providing a deeply-nested JSON object or array.