Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Remediation
References
https://www.playframework.com/security/vulnerability
https://www.playframework.com/security/vulnerability/CVE-2020-12480-CsrfBlacklistBypass
Related Vulnerabilities
CVE-2019-1354 Vulnerability in maven package org.webjars.npm:nodegit
CVE-2014-0119 Vulnerability in maven package org.apache.tomcat:jasper
CVE-2022-32533 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed
CVE-2023-26474 Vulnerability in maven package org.xwiki.platform:xwiki-platform-legacy-oldcore