PT-2020-17056 · Lightbend · Play Framework

Onilton Maciel

·

Published

2020-12-03

·

Updated

2022-02-09

·

CVE-2020-28923

CVSS v2.0

4.0

Medium

VectorAV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Play Framework versions 2.8.0 through 2.8.4
Description An issue was discovered where carefully crafted JSON payloads sent as a form field can lead to Data Amplification. This issue affects users who are migrating from a Play version prior to 2.8.0 and used the Play Java API to serialize classes with protected or private fields to JSON.
Recommendations For Play Framework versions 2.8.0 through 2.8.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2020-28923
GHSA-V9MF-JGQ3-C28H

Affected Products

Play Framework