CVE-2020-27196

Out-of-bounds Write in maven/com.typesafe.play/play_2.11

Identifiers

CVE-2020-27196

Package Slug

maven/com.typesafe.play/play_2.11

Vulnerability

Out-of-bounds Write

Description

The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service.
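A pre-parse depth check that limits this class of failure, as an added example (not Play's code and not part of this advisory): it scans the raw request body iteratively and rejects documents nested beyond a limit before any recursive JSON parser sees them. The class name, method name and MAX_DEPTH value are assumptions chosen for illustration, and the code needs Java 11 or later for String.repeat.

```java
import java.nio.charset.StandardCharsets;

public class JsonDepthGuard {
    // Hypothetical limit: set it to the deepest document the application legitimately accepts.
    static final int MAX_DEPTH = 64;

    /**
     * Returns true if object/array nesting in the raw body never exceeds maxDepth.
     * Single pass with no recursion, so the check itself cannot overflow the stack.
     * It does not validate JSON; the real parser still runs on bodies that pass.
     */
    static boolean withinDepth(byte[] body, int maxDepth) {
        int depth = 0;
        boolean inString = false;
        boolean escaped = false;
        for (byte b : body) {
            if (inString) {
                // Brackets inside string literals are data, not structure.
                if (escaped) escaped = false;
                else if (b == '\\') escaped = true;
                else if (b == '"') inString = false;
                continue;
            }
            switch (b) {
                case '"': inString = true; break;
                case '{': case '[':
                    if (++depth > maxDepth) return false; // stop at the first excess level
                    break;
                case '}': case ']':
                    if (depth > 0) depth--;
                    break;
                default: break; // UTF-8 continuation bytes are negative and never match
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the advisory.
        String flat = "{\"note\":\"[[[[ inside a string\",\"a\":[1,2,{\"b\":\"\\\"[\"}]}";
        String deep = "[".repeat(MAX_DEPTH + 1) + "]".repeat(MAX_DEPTH + 1);
        System.out.println("flat accepted: "
            + withinDepth(flat.getBytes(StandardCharsets.UTF_8), MAX_DEPTH));
        System.out.println("deep accepted: "
            + withinDepth(deep.getBytes(StandardCharsets.UTF_8), MAX_DEPTH));
    }
}
```

Because the description says the body is parsed eagerly based on the Content-Type header, a check like this has to run on every POST endpoint's raw body (for example in a filter or at a reverse proxy), not only on routes that expect JSON.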

Affected Versions

All versions up to 2.6.25, all versions starting from 2.7.0 up to 2.7.5, all versions starting from 2.8.0 up to 2.8.2

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-11-16
