A vulnerability has been found in the handling of JSON parser. Carefully crafted JSON payloads sent as a form field leads to Uncontrolled Recursion.
This vulnerability affects Play 2.7.0 to 2.7.5 and Play 2.8.0 to 2.8.2.
This issue is fixed on Play 2.8.3 and 2.7.6. Please upgrade as soon as possible to avoid this security issue.
For details on this vulnerability, please see the advisory on the Play website:
https://www.playframework.com/security/vulnerability/CVE-2020-26883-JsonParseUncontrolledRecursion --
Ignasi Marimon-Clos
Senior Engineer @ Akka team