7.5
CVE-2020-26883
- EPSS 0.53%
- Published 06.11.2020 14:15:16
- Last modified 21.11.2024 05:20:24
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.
Data is provided by the National Vulnerability Database (NVD)
Lightbend ≫ Play Framework Version <= 2.6.25
Lightbend ≫ Play Framework Version >= 2.7.0 <= 2.7.5
Lightbend ≫ Play Framework Version >= 2.8.0 <= 2.8.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.644 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-674 Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.