Lightbend · Play Framework · CVE-2020-28923
**Name of the Vulnerable Software and Affected Versions**
Play Framework versions 2.8.0 through 2.8.4
**Description**
An issue was discovered where carefully crafted JSON payloads sent as a form field can lead to Data Amplification. This issue affects users who are migrating from a Play version prior to 2.8.0 and used the Play Java API to serialize classes with protected or private fields to JSON.
**Recommendations**
For Play Framework versions 2.8.0 through 2.8.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.