CVE-2020-12480: Cross-Site Request Forgery (CSRF)

August 17, 2020 (updated August 24, 2020)

In Play Framework, the CSRF filter can be bypassed by making CORS requests with content types that contain parameters that can’t be parsed.

References

nvd.nist.gov/vuln/detail/CVE-2020-12480

Detect and mitigate CVE-2020-12480 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →