CVE-2020-26883 - JSON parse Uncontrolled Recursion


Ignasi Marimon-Clos i Sunyol

Nov 23, 2020, 5:35:09 AM
to play-framew...@googlegroups.com
A vulnerability has been found in the handling of the JSON parser. Carefully crafted JSON payloads sent as a form field lead to Uncontrolled Recursion.

This vulnerability affects Play 2.7.0 to 2.7.5 and Play 2.8.0 to 2.8.2.

This issue is fixed on Play 2.8.3 and 2.7.6. Please upgrade as soon as possible to avoid this security issue.

For details on this vulnerability, please see the advisory on the Play website:
https://www.playframework.com/security/vulnerability/CVE-2020-26883-JsonParseUncontrolledRecursion

--
Ignasi Marimon-Clos
Senior Engineer @ Akka team

