An issue exists in Play Framework 2.8.0 up to and including 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version before 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.
Vulnerable Product |
---|
lightbend play framework |