GHSA-v9mf-jgq3-c28h

Published: 09 Feb 2022
Source: github
GitHub: Reviewed
CVSS3: 2.7

Description

Data Amplification in Play Framework

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.

Packages

Name: com.typesafe.play:play (maven)
Affected versions: >= 2.8.0, < 2.8.5
Fixed version: 2.8.5

EPSS: 0.00182 (Low), percentile: 40%

CVSS3: 2.7 Low

Weaknesses

CWE-20

Related vulnerabilities

CVSS3: 2.7
nvd
about 5 years ago

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.
