CVE-2020-28923

CVSS v3.1 2.7 (Low)

CVSS v2.0 4 (Medium)

EPSS 0.05 % (24^th)

Affected Products 1

Advisories 1

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2020-12-03 17:15:13
(3 years ago)
Updated Date: 2020-12-07 18:45:09
(3 years ago)

Affected Products

Lightbend

Play Framework

Configuration #1

		CPE23	From	Up To
	Lightbend Play Framework from 2.8.0 version and 2.8.4 and prior versions	cpe:2.3:a:lightbend:play_framework	>= 2.8.0	<= 2.8.4