An issue exists in Lightbend Play Framework 2.5.x up to and including 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lightbend play framework |