In Play Framework 2.6.0 up to and including 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lightbend play framework |