PT-2020-16528 · Lightbend · Play Framework

Lucash-Dev

Published

2020-11-06

Updated

2022-02-10

CVE-2020-26882

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Play Framework versions 2.6.0 through 2.8.2

Description The issue concerns data amplification that can occur when an application accepts multipart/form-data JSON input.

Recommendations For Play Framework versions 2.6.0 through 2.8.2, consider restricting the acceptance of multipart/form-data JSON input to minimize the risk of data amplification until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

CVE-2020-26882

GHSA-R8RM-4HFJ-2X87

Affected Products

Play Framework

PT-2020-16528 · Lightbend · Play Framework

CVE-2020-26882

Weakness Enumeration

Related Identifiers

Affected Products

References · 9