High severityNVD Advisory· Published Nov 5, 2019· Updated Aug 5, 2024
CVE-2019-17598
CVE-2019-17598
Description
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.typesafe.play:play-ws_2.12Maven | >= 2.5.0, < 2.6.24 | 2.6.24 |
Affected products
2- Lightbend/Play Frameworkdescription
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-442g-gcg6-mhm4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-17598ghsaADVISORY
- www.playframework.com/security/vulnerabilityghsax_refsource_MISCWEB
- www.playframework.com/security/vulnerability/CVE-2019-17598-PlayWSHttpConnectAuthorizationHeadersghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.