Description
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.
Remediation
References