CVE-2019-17598

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-17598
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-17598.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-17598
Aliases
Published
2019-11-05T15:15:12Z
Modified
2024-10-12T04:35:32.138510Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host.

References

Affected packages

Git / github.com/playframework/playframework

Affected ranges

Type
GIT
Repo
https://github.com/playframework/playframework
Events

Affected versions

2.*

2.5.0
2.5.1
2.5.10
2.5.11
2.5.12
2.5.13
2.5.14
2.5.15
2.5.16
2.5.17
2.5.18
2.5.19
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.5.8
2.5.9
2.6.0
2.6.1
2.6.10
2.6.11
2.6.12
2.6.13
2.6.14
2.6.15
2.6.16
2.6.17
2.6.18
2.6.19
2.6.2
2.6.20
2.6.21
2.6.22
2.6.23
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9