CVE-2020-26882

Published: Nov 6, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.

Affected (3)

Products: Lightbend: Play Framework

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Lightbend Play Framework	Up to 2.6.25
Lightbend Play Framework	From 2.7.0 to 2.7.5
Lightbend Play Framework	From 2.8.0 to 2.8.2

Related CWEs

Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

References (4)

https://www.playframework.com/security/vulnerability

Source: cve@mitre.org

Vendor Advisory

https://www.playframework.com/security/vulnerability/CVE-2020-26882-JsonParseDataAmplification

Source: cve@mitre.org

Vendor Advisory

https://www.playframework.com/security/vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.playframework.com/security/vulnerability/CVE-2020-26882-JsonParseDataAmplification

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.