CVE-2020-26882 - JSON parse Data Amplification Inbox
21 views
Skip to first unread message
Ignasi Marimon-Clos i Sunyol
Nov 23, 2020, 5:35:06 AM11/23/20
to play-framew...@googlegroups.com
A vulnerability has been found in the handling of JSON parser. Carefully
crafted JSON payloads sent as a form field leads to Data Amplification.
This vulnerability affects Play 2.7.0 to 2.7.5 and Play 2.8.0 to 2.8.2.
This issue is fixed on Play 2.8.3 and 2.7.6. Please upgrade as soon as possible to avoid this security issue.
For details on this vulnerability, please see the advisory on the Play website:
https://www.playframework.com/security/vulnerability/CVE-2020-26882-JsonParseDataAmplification
--
Ignasi Marimon-Clos
Senior Engineer @ Akka team
This vulnerability affects Play 2.7.0 to 2.7.5 and Play 2.8.0 to 2.8.2.
This issue is fixed on Play 2.8.3 and 2.7.6. Please upgrade as soon as possible to avoid this security issue.
For details on this vulnerability, please see the advisory on the Play website:
https://www.playframework.com/security/vulnerability/CVE-2020-26882-JsonParseDataAmplification
--
Ignasi Marimon-Clos
Senior Engineer @ Akka team
Reply all
Reply to author
Forward
0 new messages