Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Remediation
References
https://www.playframework.com/security/vulnerability
https://www.playframework.com/security/vulnerability/CVE-2020-12480-CsrfBlacklistBypass