CVE-2020-28923
First published: Thu Dec 03 2020(Updated: )
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lightbend Play Framework | >=2.8.0<=2.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue in Play Framework?
The vulnerability ID for this issue in Play Framework is CVE-2020-28923.
What is the severity of CVE-2020-28923?
The severity of CVE-2020-28923 is medium.
What is the affected software version range for CVE-2020-28923?
The affected software version range for CVE-2020-28923 is from 2.8.0 through 2.8.4.
What is the impact of CVE-2020-28923?
CVE-2020-28923 can lead to Data Amplification for users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.
Where can I find more information about CVE-2020-28923?
You can find more information about CVE-2020-28923 on the official Play Framework security page: https://www.playframework.com/security/vulnerability/CVE-2020-28923-ImproperRemovalofSensitiveInformationBeforeStorageorTransfer
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/lightbend
- canonical/lightbend play framework
- version/lightbend play framework/2.8.0
- version/lightbend play framework/2.8.4