CVE-2020-26883

Published: Nov 6, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.

Affected (3)

Products: Lightbend: Play Framework

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Lightbend Play Framework	Up to 2.6.25
Lightbend Play Framework	From 2.7.0 to 2.7.5
Lightbend Play Framework	From 2.8.0 to 2.8.2

Related CWEs

Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

References (4)

https://www.playframework.com/security/vulnerability

Source: cve@mitre.org

Vendor Advisory

https://www.playframework.com/security/vulnerability/CVE-2020-26883-JsonParseUncontrolledRecursion

Source: cve@mitre.org

Vendor Advisory

https://www.playframework.com/security/vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.playframework.com/security/vulnerability/CVE-2020-26883-JsonParseUncontrolledRecursion

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.