CVE-2019-17598
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-17598
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17598.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-17598
- Aliases
- Published
- 2019-11-05T15:15:12Z
- Modified
- 2024-09-03T02:29:39.918319Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host.
- References
Affected packages
Git / github.com/playframework/playframework
Affected ranges
- Type
- GIT
- Repo
- https://github.com/playframework/playframework
- Events
-
IntroducedLast affectedIntroducedLast affected
Affected versions
2.*
2.5.0
2.5.1
2.5.10
2.5.11
2.5.12
2.5.13
2.5.14
2.5.15
2.5.16
2.5.17
2.5.18
2.5.19
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.5.8
2.5.9
2.6.0
2.6.1
2.6.10
2.6.11
2.6.12
2.6.13
2.6.14
2.6.15
2.6.16
2.6.17
2.6.18
2.6.19
2.6.2
2.6.20
2.6.21
2.6.22
2.6.23
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9