CVE-2020-27196
maven/com.typesafe.play/play-ws_2.12
Out-of-bounds Write
The body parsing of HTTP requests eagerly parses a payload given a Content-Type
header. A deep JSON structure sent to a valid POST
endpoint (that may or may not expect JSON payloads) causes a StackOverflowError
and Denial of Service.
All versions up to 2.6.25, all versions starting from 2.7.0 up to 2.7.5, all versions starting from 2.8.0 up to 2.8.2
Unfortunately, there is no solution available yet.
2020-11-16
source |