CVE-2020-12480
CSRF in Play Framework
CVSS 3.1 base score: 6.5 (MEDIUM)
EPSS: 0.04%
Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed. The filter only enforces the token check on requests whose Content-Type it recognises as one a browser can send cross-origin without a preflight (a form content type). When the header carries parameters the framework's parser rejects, the filter sees no recognised content type and skips the check, while the browser still classifies the request as a simple request and sends it, with the victim's cookies, from an attacker-controlled page. The result is a cross-site state change with no confidentiality or availability impact, which is what the CVSS vector (UI:R, C:N, I:H, A:N) records.
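The gap described above, as an added model in Python. This is illustration code, not Play's own Scala implementation: the two classifiers are simplified stand-ins for a server-side CSRF filter that decides whether to demand a token from a strictly parsed Content-Type, and for the browser-side rule that decides whether a cross-origin POST may go out without a preflight. The sample Content-Type values are constructed for the demonstration, and the regex-based parsers and the fail-closed "hardened" variant are assumptions of this example, not the framework's fix.

```python
"""Model of the CSRF-filter bypass class behind CVE-2020-12480 (added example, not Play code)."""
import re

# Content types a plain HTML form (or a no-preflight fetch) can send cross-origin.
# Modelled on the CORS-safelisted request-header rule for Content-Type.
SIMPLE_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}

# RFC 7230 token characters; used by both parsers below.
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
_PARAM = rf'\s*;\s*{_TOKEN}=(?:{_TOKEN}|"[^"]*")'
_STRICT = re.compile(rf"^\s*({_TOKEN}/{_TOKEN})(?:{_PARAM})*\s*$")


def parse_media_type_strict(value):
    """Strict parse (assumed): the whole header must be well-formed, otherwise None."""
    m = _STRICT.match(value)
    return m.group(1).lower() if m else None


def extract_mime_essence(value):
    """Browser-style extraction: keep type/subtype before the first ';', ignore the rest."""
    essence = value.split(";", 1)[0].strip().lower()
    return essence if re.fullmatch(rf"{_TOKEN}/{_TOKEN}", essence) else None


def browser_sends_without_preflight(content_type):
    """True when a cross-origin POST with this Content-Type is a CORS simple request."""
    return extract_mime_essence(content_type) in SIMPLE_TYPES


def vulnerable_filter_requires_token(content_type):
    """Vulnerable pattern: unparseable header -> no recognised type -> token check skipped."""
    return parse_media_type_strict(content_type) in SIMPLE_TYPES


def hardened_filter_requires_token(content_type):
    """Fail closed (assumed fix): fall back to the essence, and check when nothing parses."""
    media = parse_media_type_strict(content_type)
    if media is None:
        media = extract_mime_essence(content_type)
    return media is None or media in SIMPLE_TYPES


def bypass(content_type, filter_fn):
    """A bypass exists when the browser sends without preflight but the filter skips the check."""
    return browser_sends_without_preflight(content_type) and not filter_fn(content_type)


# Constructed sample Content-Type values for the demonstration.
CONSTRUCTED_SAMPLES = [
    "application/x-www-form-urlencoded",   # ordinary form post: checked by both
    "text/plain; charset=utf-8",           # well-formed parameter: checked by both
    "application/json",                    # not a simple type; the browser preflights anyway
    "text/plain; charset",                 # parameter without '=': strict parse fails
    "text/plain;charset=",                 # empty parameter value: strict parse fails
    "application/x-www-form-urlencoded;",  # dangling ';': strict parse fails
]


def find_bypasses(filter_fn):
    """Return the constructed samples that slip past the given filter."""
    return [ct for ct in CONSTRUCTED_SAMPLES if bypass(ct, filter_fn)]


if __name__ == "__main__":
    print("vulnerable filter bypassed by:", find_bypasses(vulnerable_filter_requires_token))
    print("hardened filter bypassed by:  ", find_bypasses(hardened_filter_requires_token))
```

The point of the model is the direction of the failure: the browser's classifier is lenient by design (it extracts the MIME essence and discards anything it cannot parse), so a server-side filter that fails open on a parse error is guaranteed to disagree with it on exactly the inputs an attacker controls. A CSRF filter should therefore fail closed when it cannot classify a request.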
How to fix CVE-2020-12480
To remediate CVE-2020-12480, upgrade the affected package to a fixed version below.
- Maven com.typesafe.play:play_2.12: upgrade to 2.7.5 or later on the 2.7.x line; on the 2.8.x line, which the description lists as affected through 2.8.1, move to 2.8.2 or later. The `_2.12` suffix is only the Scala binary version, so apply the same Play version to whichever `play_2.xx` artifact your build uses.
Is CVE-2020-12480 being exploited?
Low: EPSS is 0.04%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven com.typesafe.play:play_2.12: versions from 0 up to, but not including, 2.7.5 (osv range; the description above gives the affected Play releases as 2.6.0 through 2.8.1)
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |