Description
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
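A simplified model of this failure mode, added here as an example and not Play Framework's code. It assumes the filter decides whether to check a request from the parsed content type, and that a header with an unparseable parameter yields no content type at all. All function names and sample header values are constructed.

```python
import re

# Content types a browser may send cross-origin without a CORS preflight
# ("simple requests"); a CSRF filter has to check requests that carry them.
SIMPLE_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# type/subtype followed by zero or more well-formed ;name=value parameters
_MEDIA = re.compile(rf'^({_TOKEN}/{_TOKEN})(?:\s*;\s*{_TOKEN}=(?:{_TOKEN}|"[^"]*"))*\s*$')

# Constructed sample: the charset parameter has no "=value" part.
MALFORMED = "text/plain; charset"


def parse_media_type(header):
    """Strict parse: lowercased type/subtype, or None if the header is
    absent or any parameter is malformed."""
    if header is None:
        return None
    m = _MEDIA.match(header.strip())
    return m.group(1).lower() if m else None


def needs_check_fail_open(method, header):
    """Flawed model (assumption): a parse failure is treated like a
    non-simple content type, so the CSRF check is skipped."""
    if method.upper() in SAFE_METHODS:
        return False
    return parse_media_type(header) in SIMPLE_TYPES  # None -> False


def needs_check_fail_closed(method, header):
    """Hardened model: only a header that parses cleanly to a
    non-simple type is exempt; anything unparseable is checked."""
    if method.upper() in SAFE_METHODS:
        return False
    media = parse_media_type(header)
    return media is None or media in SIMPLE_TYPES


if __name__ == "__main__":
    for h in ("text/plain; charset=utf-8", "application/json", MALFORMED):
        print(repr(h), needs_check_fail_open("POST", h), needs_check_fail_closed("POST", h))
```

The two functions disagree only on the malformed header, which is the case a regression test for the filter should cover.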
Remediation
References
https://www.playframework.com/security/vulnerability
https://www.playframework.com/security/vulnerability/CVE-2020-12480-CsrfBlacklistBypass