CSRF Filter Bypass via CORS Simple Requests with Unparseable Content Types

CVE-2020-12480 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
