Описание
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.8.0 (включая) до 2.8.4 (включая)
cpe:2.3:a:lightbend:play_framework:*:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00182
Низкий
2.7 Low
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
EPSS
Процентиль: 40%
0.00182
Низкий
2.7 Low
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-Other